Update: Last night, a warning was sent out regarding a Steam XSS bug. This was a fairly alarming security flaw that could use Steam Community profile pages to inject malicious code and essentially hijack your account with access to comments, the Steam marketplace, your Steam inventory and more. Fortunately, once Valve got wind of this exploit, a fix was promptly put into place.

Late last night, Valve patched the XSS exploit so it should now be safe to browse the Steam Community pages on a regular web browser once again. That said, if you clicked on anybody you deem suspicious at some point yesterday, then it would be best to check you have two-factor authentication switched on for your Steam account and double down on security with a password change.

Original Story: It looks like Steam users might want to be careful when browsing Steam as an XSS exploit has been discovered which can seriously affect account security. The issue was made public earlier today and can allow attackers to inject their own code, which could allow someone to hijack your Steam profile and perform various actions on your account.

Steamdb helped publicise the issue, which amongst other things could allow an attacker to send trade offers, sell or buy marketplace items, post comments, make group announcements, join groups and more all on your profile, bypassing Steam's usual security.

So until Valve fixes this particular exploit, you should be careful when it comes to random friend requests and random links sent via the Steam chat. As of yet, Valve has yet to acknowledge this XSS exploit but hopefully the company will fix it up and make an announcement soon.

KitGuru Says: Stay safe out there guys, the last thing you want is to wake up one day and find all of your marketplace items gone. Hopefully Valve can give us a proper update on this soon. 

Become a Patron!