The GOG exploit has not been removed for almost 2 years. CD Projekt knows about it perfectly well

Do you know that by installing GOG, the digital distribution platform for the Polish company CD Projekt, you expose yourself to attack by cybercriminals? For almost two years, the dangerous exploit has been known to the whole world and also to the company, which unfortunately has not responded adequately for a long time.

The GOG exploit reported in January 2020 by Joseph’s Test has still not been properly addressed

The exploit is not one to turn a blind eye to. Especially when one computer is used by many users with different accounts with the GOG application installed. It allows you to grant system privileges to any logged in account, and then gain access to any computer on which GOG Client is installed. From there, you can wreak havoc left and right. This is because an attacker could add a DLL to GalaxyClient.exe by defeating the TCP-based “trusted client” protection mechanism.

Although CD Projekt reacted relatively quickly, it was only a temporary hiding the problem under the carpet. First, it came down to updating the message validation key, and then (still ongoing) crashing the GOG application while trying to use this exploit.

This does not mean, however, that it cannot be used – on the contrary, although the methods are unknown. Additionally, CD Projekt knows that this is only a temporary solution and is therefore constantly working on eliminating this exploit, although it admits that it is very difficult.