For over a decade a bug in Steam meant someone could take over your PC
https://www.pcgamer.com/for-over-a-decade-a-bug-in-steam-meant-someone-could-take-over-your-pc/
On March 22 one of Steam's regular updates was rolled out, complete with fixes to the in-game overlay and problems involving corrupt items on the Steam Workshop. It also dealt with a bug that made it possible for someone to get access to the computer of anyone with Steam run code remotely, effectively taking over their computer.
Security researcher Tom Court has blogged about the bug and its potential misuse, explaining that, "At its core, the vulnerability was a heap corruption within the Steam client library that could be remotely triggered, in an area of code that dealt with fragmented datagram reassembly from multiple received UDP packets."