Steam browser security loophole spotted

News
By published

A report from hardware and software security firm Revuln has been posted online, highlighting a security flaw that could allow attackers to target PCs using Steam browser launch commands. The steam:// URL is a quick way to install and launch games from a browser. Revuln point out that Safari can launch steam:// commands silently without the user knowing, providing a window of opportunity for attackers.

The report highlights ways in which local processes that exist on our PCs as part of game installations could be misused to cause mischief. Revuln highlight different attack strategies using Source and Unreal engine games. The good news is that major browsers like Internet Explorer, Firefox and Chrome, give warning before programs are launched. Valve will surely be right on this, if they haven't found a fix already. Until then it might be wise to avoid Safari and, as always, say no to any unexpected program launches.

TOPICS
Tom Senior
Tom Senior

Part of the UK team, Tom was with PC Gamer at the very beginning of the website's launch—first as a news writer, and then as online editor until his departure in 2020. His specialties are strategy games, action RPGs, hack ‘n slash games, digital card games… basically anything that he can fit on a hard drive. His final boss form is Deckard Cain.

Latest in Platforms
A screenshot from game Mudborne of a little humanoid frog in a marsh
Five new Steam games you probably missed (March 24, 2025)
midnight murder club
Five new Steam games you probably missed (March 17, 2025)
Screenshot of Children of Clay showing a mysterious clay model
Five new Steam games you probably missed (March 10, 2025)
discord
Brace yourself for Discord to get worse: Reports swirl that the company is in talks with bankers about opening itself up to shareholders
The Spy from Team Fortress 2 holds up a folder with an accusatory expression.
Steam users react ecstatically to update that lets them access their heaving game notes via the web, also it fixes Monster Hunter Wilds video recording
HasanAbi
Twitch streamer Hasan Piker suspended after saying Republicans would 'kill Rick Scott' if they really cared about Medicare fraud
Latest in News
Two brightly colored stormtroopers dressed like Run-DMC stand in front of PAX Australia's WELCOME HOME banner.
Tickets for PAX Australia 2025 are on sale now
An Enshrouded player in a recreation of Erebor from The Lord of the Rings
Kings under the Mountain! 33 Enshrouded players spent 10,000 hours to recreate this iconic location from The Lord of the Rings
A mech awakens.
Mecha Break developer is considering unlocking all mechs following open beta feedback
Lara Croft Unified Art
Tomb Raider developer Crystal Dynamics lays off 17 employees 'to better align our current business needs and the studio's future success'
A long bendy arm stealing money from people in a subway car
'You're a very long arm. You steal things. It's a comedy game,' explains developer of comedy game where you steal things with a very long arm
The heroes are attacked by monsters
Pillars of Eternity is getting turn-based combat to mark its 10th anniversary, and that means PC Gamer editors will soon be arguing about combat mechanics again
More about platforms
A screenshot from game Mudborne of a little humanoid frog in a marsh

Five new Steam games you probably missed (March 24, 2025)
midnight murder club

Five new Steam games you probably missed (March 17, 2025)
Two brightly colored stormtroopers dressed like Run-DMC stand in front of PAX Australia's WELCOME HOME banner.

Tickets for PAX Australia 2025 are on sale now
See more latest
Most Popular
Two brightly colored stormtroopers dressed like Run-DMC stand in front of PAX Australia's WELCOME HOME banner.
Tickets for PAX Australia 2025 are on sale now
An Enshrouded player in a recreation of Erebor from The Lord of the Rings
Kings under the Mountain! 33 Enshrouded players spent 10,000 hours to recreate this iconic location from The Lord of the Rings
A mech awakens.
Mecha Break developer is considering unlocking all mechs following open beta feedback
Lara Croft Unified Art
Tomb Raider developer Crystal Dynamics lays off 17 employees 'to better align our current business needs and the studio's future success'
A long bendy arm stealing money from people in a subway car
'You're a very long arm. You steal things. It's a comedy game,' explains developer of comedy game where you steal things with a very long arm
The heroes are attacked by monsters
Pillars of Eternity is getting turn-based combat to mark its 10th anniversary, and that means PC Gamer editors will soon be arguing about combat mechanics again
Image of Ronaldo from Fatal Fury: City of the Wolves trailer
It doesn't really make sense that soccer star Ronaldo is now a Fatal Fury character, but if you follow the money you can see how it happened
Junah beginning a battle in Metaphor: ReFantazio.
Today's RPG fans are 'very sensitive to feeling like they wasted time' when they die, says Metaphor: ReFantazio battle planner—but Atlus still made combat hard anyway
Image of Cersei Lanniser from Game of Thrones: Kingsroad Steam early access trailer
A new Game of Thrones RPG is coming to Steam today with a cast of 'familiar faces,' which is good because it's really the only way to tell it's a GoT game at all
The new Prime Asset featured in the upcoming update for the Outlast Trials.
The Outlast Trials puts its already paranoid players under surveillance for a time-limited story event