Steam browser security loophole spotted

A report from hardware and software security firm Revuln has been posted online, highlighting a security flaw that could allow attackers to target PCs using Steam browser launch commands. The steam:// URL is a quick way to install and launch games from a browser. Revuln point out that Safari can launch steam:// commands silently without the user knowing, providing a window of opportunity for attackers.

The report highlights ways in which local processes that exist on our PCs as part of game installations could be misused to cause mischief. Revuln highlight different attack strategies using Source and Unreal engine games. The good news is that major browsers like Internet Explorer, Firefox and Chrome, give warning before programs are launched. Valve will surely be right on this, if they haven't found a fix already. Until then it might be wise to avoid Safari and, as always, say no to any unexpected program launches.