neowin[.]net/news/valve-fixes-zero-day-exploit-for-steam-in-latest-beta
bleepingcomputer[.]com/news/security/steam-zero-day-vulnerability-affects-over-100-million-users/
steamcommunity[.]com/groups/SteamClientBeta#announcements/detail/1602638506845644644
The researcher who found the bug apparently had problems with the bug bounty program that Valve/Steam uses -- they initially said it didn't qualify. He pushed the issue, & when he didn't get satisfaction released details of the bug publicly. Another researcher posted his take on Twitter re: the same bug, having discovered it earlier. The Steam beta includes a patch, but I haven't seen any write-ups saying how likely it is that the bug would actually be exploited, how serious it really is etc.