https://www.techradar.com/news/steam-had-a-decade-old-security-flaw-that-could-allow-someone-to-take-over-your-pc

Sometimes, vulnerabilities can hang around for years and years without being discovered, and a remote code execution flaw found in Steam has reportedly been a gaping hole in the side of Valve’s gaming service for no less than a decade – although it has now been patched.

As Motherboard reports, Tom Court, a security expert at Context, believes that the exploit had been present in Steam for at least 10 years, and every user of the service could potentially have had this leveraged against them during that period.