If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Valve finally fixes CS:GO exploit that could give hackers control of PCs

Two years after it was reported.

Valve has finally fixed a security vulnerability in Counter-Strike: Global Offensive that could be used by hackers to gain remote control of a player's PC - an issue the company had reportedly known about for two years by the time its existence was publicised last week.

News of the exploit was circulated in a tweet by not-for-profit reverse-engineering group The Secret Club. It explained one of its members, Florian, had contacted Valve two years prior to report a remote code execution flaw which made it possible for a hacker to take over a target's PC by tricking them into accepting a Counter-Strike: Global Offensive Steam invite.

Although the exploit - one of several vulnerabilities reported to Valve by Secret Club members - had the potential to affect any game utilising Source Engine, The Secret Club stressed only CS:GO was still verifiably at risk. "We cannot say for sure if and when things have been patched in other games throughout the time without us being notified about it," it wrote.

Following The Secret Club's post, others began sharing stories of reporting bugs to Valve and receiving no response. As Florian put it in conversation with Vice's Motherboard, "Valve's response has been a complete disappointment right from the start. Our experience has always been slow response times, with little to no patches being pushed to production. They truly don't care about the security and integrity of their games."

However, it seems the increased scrutiny around the exploit resulting from The Secret Club's tweet finally spurred Valve into action, and the company has now patched the Counter-Strike vulnerability. "Good news!," Florian wrote in a follow-up tweet over the weekend, "Valve fixed my recent exploit and gave me permissions to disclose details." Florian says he's currently working on a detailed technical write-up, which he plans to release soon.

Eurogamer news cast: the improvements the PS5 desperately needs.

A separate remote code execution flaw, which can be triggered in Team Fortress 2 by joining a community server, was also highlighted by The Secret Club last week. This too is said to have been reported to Valve two years ago, but in this instance, is still awaiting a fix.

Will you support Eurogamer?

We want to make Eurogamer better, and that means better for our readers - not for algorithms. You can help! Become a supporter of Eurogamer and you can view the site completely ad-free, as well as gaining exclusive access to articles, podcasts and conversations that will bring you closer to the team, the stories, and the games we all love. Subscriptions start at £3.99 / $4.99 per month.

About the Author

Matt Wales avatar

Matt Wales


Matt Wales is a writer and gambolling summer child who won't even pretend to live a busily impressive life of dynamic go-getting for the purposes of this bio. He is the sole and founding member of the Birdo for President of Everything Society.


More News

Latest Articles

Supporters Only

Eurogamer.net logo

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Eurogamer.net Merch