A short while ago a friend of mine posted to me this article about two new Steam security holes found by outside sources that participated in Steam’s bounty program:
Here’s a link to the Russian article:
https://amonitoring.ru/article/steamclient-0day/
Twitter post from Matt Nelson: