Security Company Finds Chink in Steam's Armour

Of course, an online security company has a vested interest in pointing out security loopholes, but still, this makes for interesting reading.

Revuln has taken a look at how Steam runs and has found a tiny security loophole in the way the Steam browser protocol uses a URL handler to perform basic tasks like installing and executing games.

Seems Apple's Safari can run these commands without the user knowing, meaning attackers could potentially use the browser as a means of sliding in and compromising all kinds of games.

I know, Safari, but a hole is a hole, and the way Revuln found it and detail it is pretty good reading.

Security Company Finds Chink in Steam's Armour

STEAM BROWSER PROTOCOL INSECURITY [Revuln, via PC Gamer]