Researcher Names: Simon Scannell, Carl Smith, Brymko
Link: https://secret.club/2021/05/13/source-engine-rce-join.html
Gaming just got a whole lot more dangerous. This RCE chain enables an attacker to invite a victim to play on their CS:GO server / match. When the victim joins the server, an info-leak is chained with an OOB access that leads to 100% reliable RCE in the CS:GO client of the victim. This gives the attacker full access to the computer used by the client.
Not only can you hack your friends, but the bug is also wormable through Steam invites on gaming machines. As of April 2021, CS:GO's records stand at 1.3 million concurrent players and 26.2 million unique players… that's a lot of shells. For extra style points, this RCE is similar to Heartbleed.