Skip to main content

CS:GO has a years-old bug that can let a hacker take over your computer

CS:GO has a years-old bug that can let a hacker take over your computer


A researcher informed Valve about the bug in 2019

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

EA has a new custom anti-cheat system for PC
Illustration by Alex Castro / The Verge

Hackers have found a new exploit in Counter-Strike: Global Offensive that could allow a hacker to take control of your computer if you click on a Steam invite to play the popular first-person shooter.

The bug was discovered by The Secret Club, a white hat hacking group, which found that the hackers can exploit the bug by using Steam’s invite system. Should a victim click on the link, a hacker could acquire private information from anyone who accepts it.

The exploit was discovered in the Source game engine, which Valve developed and is used in several game Valve titles, including Counter-Strike: Global Offensive. While some games that use the engine no longer have the bug, the exploit is still present in Counter-Strike: Global Offensive as seen in the video below.

According to The Secret Club, one of its members and security researcher named Florian flagged the bug to Valve in 2019. Florian told Motherboard that he reached out to Valve about the bug via HackerOne, a bug bounty platform that the studio uses. Despite Valve classifying the bug as “critical,” Florian told Motherboard that the studio admitted it was “slow to respond” in threads regarding the bug.

The revelation about this bug is concerning for Counter-Strike: Global Offensive players. Although the game is almost 10 years old, it is still very popular on Steam. More recently, the game switched to a free-to-play model in 2018 and is one of the world’s biggest esports leagues.