Nasty Steam XSS Exploit Discovered, Luckily Enough Fixed


A Steam exploit was discovered yesterday, with Valve warning fans, on the official subreddit, not to visit other users’ pages and even to be careful when browsing their own activity feed. Luckily enough, a fix was deployed a few hours later, making it once again safe to do so on the hugely popular PC gaming platform.

Valve Fixes Major Steam Exploit

Yesterday’s message from a moderator on Reddit read as follows:

“Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other Steam users as well as your OWN activity feed (both desktop and mobile versions of all browsers including Steam browser/chromium). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) Steam profile links and Disable JavaScript on Browser.”

“Keep in mind that any discussion on any exploit method is NOT allowed here and will result in a ban without warning. This post is intentionally vague, and will be kept that way due to the nature of this exploit.”

It’s not the first time Valve’s Steam has had similar security issues. I recall a couple of Christmas Days ago we had the website and platform completely offline, showing Russian writing all over the place once it returned online. That’s not to say the platform is not secure, but ultimately it is getting increasingly difficult to protect games on PC.