The thought that there may be a Steam vulnerability is probably panic-inducing to many PC gamers, especially those who've saved their credit card information to their account.
Not to worry, your credit card information is safe.
According to a report by security firm ReVuln, Steam browser URLs, usually used to install and run games, can be exploited to launch unwanted programs. Safari users are particularly in danger of this happening, as the browser doesn't ask for user permission before programs are launched.
The report then delineates ways to exploit Steam via the Source and Unreal engines. For instance, games like APB Reloaded, because they use anti-cheat programs such as PunkBuster, require administrator access. If users give administrative access to APB Reloaded, exploiters can be granted access to the entire system.
The report then concludes with some temporary workarounds to prevent the exploit. Hopefully, Valve is hard at work with a solution.