Source Engine games have a vulnerability that can provide anyone with access to your PC
This report comes courtesy of The Secret Club, a "not-for-profit reverse-engineering group" that looks into publicly available software and publishes vulnerabilities under the expectation that the software developer fixes those vulnerabilities. Recently, the group posted a video on Twitter showing how someone can gain remote access to someone else's computer just by exploiting that Source Engine vulnerability.
The specifics of the vulnerability were not disclosed, but The Secret Club did make it clear that on the victim's end, all they need to do is accept an invitation to play a Source Engine game on Steam. After that, the hacker has full access to the victim's PC to do with as they please.
The Secret Club is also saying that Valve is preventing them from publishing the details of this vulnerability even though they've known about it for two years. And if they've known about it that long, then it's a certainty that less scrupulous hackers know about it too.
On top of that, Valve still hasn't fixed the exploit themselves even though The Secret Club told them about it years ago.
Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve is preventing us from publicly disclosing it. pic.twitter.com/0FWRvEVuUX— secret club (@the_secret_club) April 10, 2021