Valve Fixes Security Flaws In Steam Community

The Steam community site was deemed unsafe due to XSS (cross-site scripting) exploit that redirect users to a fake or phishing site, and compromise Steam users account. There’s a chance that users might lose their Steam Wallet funds from this vulnerability.

valve account

A post on Steam subreddit warns users of what the exploit does and advises users against clicking on Steam profile links.

  • Redirect you to any non-steam page, for example a phishing login page. From a user perspective it is you going to a legitimate Steam profile, then you see a login page.
  • Utilize scripting to use your Steam Market funds on any item the malicious user chooses, you wouldn’t even need to confirm anything as you’re on a valid login session.
  • Manipulate elements on the page as they see fit.
Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers including steam browser/chromium),” the warning says. “I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options. Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser.

The good news is that the issue has been fixed by Valve.

Related posts

Steam Remote Play Together Feature Is Out Today

Steam Remote Play Together Feature Is Out Today


Steam Remote Play Together Feature Is Out Today

Steam Remote Play Together has come out of beta and is now released to all users that are on Steam. This neat feature allows both iOS and Android devices to access local Multiplayer and cross-platform play among friends across Windows, Linux, macOS, iOS, and Android. Up to four players...

Dead by Daylight Latest Chapter Adds Samurai In Cursed Legacy

Dead by Daylight Latest Chapter Adds Samurai In Cursed Legacy


Dead by Daylight Latest Chapter Adds Samurai In Cursed Legacy

Cursed Legacy is the new chapter for Dead by Daylight. It tells the story of The Spirit's ancestor, Yamaoka Kazan: a Samurai whose wrath ended up drawing the Entity’s attention. The latest Chapter also introduces a new survivor, Kimura Yui: a vigilante street racer who finds herself...

THQ Nordic Drops A New Trailer For Darksiders Genesis

THQ Nordic Drops A New Trailer For Darksiders Genesis


THQ Nordic Drops A New Trailer For Darksiders Genesis

Darksiders Genesis is coming to the PC and Google Stadia on December 5, while the consoles will be getting the game on February 14, 2020. In Darksiders Genesis, both Horsemen begin with a variety of different attacks but will gain access to more devastating and fascinating ways to smash...

Leave a comment