You always hear about zero day vulnerabilities in Chrome, Skype, Zoom, Office, VLC, etc. But you never hear about vulnerabilities in video games (like popular multiplayer titles Fortnite or League of Legends) that hackers can use to perform remote zero day attacks on your machine.
Is playing video games like Fortnite or League of Legends in a public network totally safe and I do not need to worry about remote buffer overflow vulnerability attacks on those games?
Yes, they can have vulnerabilities. Some gaming companies, such as Riot, have a page where you can report vulnerabilities.
Actual examples of vulnerabilities: Fortnite has been vulnerable to account takeover and man-in-the-disk (not on Windows, though). Untitled Goose Game had an RCE flaw.
All software can have vulnerabilities, and video games are no different. It is certainly possible for games to have vulnerabilities, especially multiplayer ones where players may be in direct communication with each other.
Many multiplayer games are peer-to-peer (P2P), so players exchange packets with each other directly. In this case, there is no server to validate the traffic before it is passed to other users, so malformed packets could potentially crash the game, or worse, result in code execution. Of course, you'd hope that game developers would follow best practices and avoid these issues, but games are very complex and often still have many bugs.
I'm not saying server-side games are immune either, but are probably harder to find/exploit without getting caught.
It seems most people who look for vulnerabilities in games are just looking to cheat; getting free in-game money and becoming invincible etc. But there definitely could be issues that allow compromise of other players' computers; although I'm not aware of any.
I think at that point the server side would have to be exploited. I'm not saying it's outside the realm of possibility for an exploit to happen on the server that could then send malicious traffic back to your machine. It would be quite difficult. Now hacking the game via memory injection is possible, but even then the server would look for certain indications of what it expects from a certain return. Most memory injection that I have seen is to further the player. For instance:dropping a certain kind of loot, or exploiting the environment to their benefit like speed hacks. I've never come across being sent malicious traffic from an online game, but again. I'm not saying it's impossible.
Yes, video games can and do have vulnerabilities. I remember a vulnerability in League of Legends that went viral several years ago where users discovered that HTML could be injected in the user "status" message or in-game chat. Many people used this to inject CSS and change the color or font styling, but some users exploited it to make popups in chat that would distract the user or cover the entire screen. It was patched pretty quickly.
As it pertains to simpler games, take Minesweeper as an example. The original version of Minesweeper (XP and earlier) has some cryptographic weakness or a lack of proper randomness of some sort. Professional Minesweeper players discovered that the game boards would loop in a specific order in certain cases ("Board Cycles"), after seeing boards they had played before. In order to get a world record, they found the simplest of the boards that they could predict its upcoming occurrence due to a prior board, and after knowing when it would occur, they jumped ahead to that board by losing a bunch of games, and then did the easiest board as fast as they could, in order to set a world record time.
