The Steam Deck web browser desperately needs an update

Screenshot: Valve / Mozilla / Kotaku

As reported by Gaming on Linux and talked about on Reddit, Steam Deck has a small security issue with its rather obsolete version of Firefox. Valve has promised a solution, but it won’t arrive until the next SteamOS update. This is less than ideal.

The current version of the popular non-chrome browser is 102.0.1, while SteamOS has the six-month version 96.0.3. You don’t need to be a regular at Def Con’s piracy conference to know that you shouldn’t run into an outdated web browser, especially one you use to store passwords for, oh, I don’t know, social media. media websites, banking websites or even Steam itself. (By the way: don’t save passwords in your browser. That’s what password managers are for.)

Valve’s latest major SteamOS update arrived on May 26, with frequent customer updates over the following weeks. However, none updated the January version of Firefox. There is also a beta version available for the next operating system update, but you will have to accept it and it is not a finalized version. This beta also doesn’t update Firefox, nor is switching to a beta version of an operating system usually a good way to improve security stance.

Kotaku has contacted Valve to comment.

While extracting too much of this specific problem may be making a molehill mount (to be fair, I’m far from a security expert), it poses a challenge with SteamOS and Linux games in general.

According to the latest results from the Steam Hardware and Software Survey, Linux users represent only 1.18% of the Steam population. Sure a small amount, but one that is growing with the growing popularity of the native Linux Steam Deck. People who typically run Linux operating systems are more than capable of keeping them safe, but what happens when the SteamOS population grows to the point that it becomes an attractive target for exploiting vulnerabilities and distributing malware? And with the announcement of Steam Deck to the general public and not just hackers, the “do’s and don’ts” of keeping a Linux machine safe will only be more important.

If you have a background of Windows, the way Linux handles application installations may seem strange, with terms like “Flatpak,” “Snap,” and “repository.” Linux has its own way of doing things and is a bit more complex than double-clicking a setup.exe. There’s also no “Linux Defender” ready to always ask you “Are you sure you want to install this?” Steam Deck’s “Desktop Mode” may look similar to Windows or macOS, and I’m confident Valve has prioritized security, but adding the wrong repository by taking random Internet commands to do things as simple as displaying games Epic Games Store or GOG. on Steam it can easily get you in trouble if you’re not 100% sure how to keep your machine safe.

For many, Steam Deck may not only be their first Linux gaming device, but their first experience with the Linux period (Android doesn’t count). As Steam Deck and SteamOS continue to gain users, many will be more interested in getting their games working properly with the least hassle possible than learning how to securely manage a Linux operating system from the ground up. Right now, most “noob Linux game questions” are answered by generous and helpful enthusiasts, not bad actors. But it is not hard to imagine someone with malicious intentions and knowledge of how to exploit situations such as obsolete software by intervening to take advantage of users who are unaware, for example, of the dangers of running random scripts.

Consoles are blocked gaming environments for many reasons, but security is certainly the main one among them. And while Windows security can definitely be compromised, most of us just assume that Windows Defender will prevent us from a total disaster. And he usually does. Valve may be right to put everything on Linux for the future of gaming, but security challenges will only grow as Steam Deck gains popularity. From now on, Valve would be prudent to do everything possible to keep security considerations at the forefront, and this will require more timely updates with the goal of fixing potentially critical vulnerabilities as its user base grows sufficiently. to attract nefarious interests.

Leave a Comment

Your email address will not be published. Required fields are marked *