writeups.xyz / Exploiting Steam: Usual and Unusual Ways in the CEF Framework

Submitter : c2a

Date: 27 June 2024

Bounty : undisclosed

Vulnerabilities :

• Browser Hacking
• Thick Client
• RCE
• OS Command Injection
• Arbitrary File Read
• Arbitrary File Creation
• Components With Known Vulnerabilities

Programs :

• Valve (Steam)
• Google (Chromium)

Authors :

• DARKNAVY (@DarkNavyOrg)

Link :
https://www.darknavy.org/blog/exploiting_steam_usual_and_unusual_ways_in_the_cef_framework/