No, it is not only a problem for users on Safari. Safari is the most vulnerable because it is the only major browser that will run Steam:// links without asking the user, though a browser asking the user if they want to run something has never been a completely effective measure. The other issue is that even though other browsers won't automatically run the links by default users may have used a Steam:// link before and told their browser to automatically run them in the future.
The exploit will also work without prompting the user with a webkit, which means anyone using the Steam or the Steam in game browser will be vulnerable.
Last edited by mckerney : 10-16-2012 at 02:40 PM.
|