Counter-Strike: Global Offensive, Team Fortress 2, Portal 2 and other Source Engine games were all affected by a particularly nasty exploit until recently. Basically, by uploading custom assets into a custom map, hackers could use them to trigger a "buffer overflow vulnerability" which resulted in the victim PC being open to remote code execution.
"Valve's Source SDK contained a buffer overflow vulnerability which allowed remote code execution on clients and servers," OUP's statement reads. "The vulnerability was exploited by fragging a player, which caused a specially crafted ragdoll model to be loaded.
Multiple Source games were updated during the month of June 2017 to fix the vulnerability. Titles included CS:GO, TF2, Hl2:DM, Portal 2, and L4D2. We thank Valve for being very responsive and taking care of vulnerabilites swiftly. Valve patched and released updates for their more popular titles within a day."
For a demonstration of how it worked, this very short video tells you all you need to know. Death has never been so scary.