Skip to main content

Steam browser security loophole spotted

A report from hardware and software security firm Revuln has been posted online, highlighting a security flaw that could allow attackers to target PCs using Steam browser launch commands. The steam:// URL is a quick way to install and launch games from a browser. Revuln point out that Safari can launch steam:// commands silently without the user knowing, providing a window of opportunity for attackers.

The report highlights ways in which local processes that exist on our PCs as part of game installations could be misused to cause mischief. Revuln highlight different attack strategies using Source and Unreal engine games. The good news is that major browsers like Internet Explorer, Firefox and Chrome, give warning before programs are launched. Valve will surely be right on this, if they haven't found a fix already. Until then it might be wise to avoid Safari and, as always, say no to any unexpected program launches.

Based in Bath with the UK team, Tom loves strategy games, action RPGs, hack ‘n slash games, digital card games… basically anything that he can fit on a hard drive. His final boss form is Deckard Cain.