Of course, an online security company has a vested interest in pointing out security loopholes, but still, this makes for interesting reading.

Revuln has taken a look at how Steam runs and has found a tiny security loophole in the way the Steam browser protocol uses a URL handler to perform basic tasks like installing and executing games.

Advertisement

Seems Apple's Safari can run these commands without the user knowing, meaning attackers could potentially use the browser as a means of sliding in and compromising all kinds of games.

I know, Safari, but a hole is a hole, and the way Revuln found it and detail it is pretty good reading.

STEAM BROWSER PROTOCOL INSECURITY [Revuln, via PC Gamer]