Web accounts

Steam Deck’s web browser really needs an update

A Steam Deck screen displays the Firefox web browser logo cracked in half.

Screenshot: Valve / Mozilla / Kotaku

As reported Play on Linuxand discussed on Reddit, the Steam Deck has a small security issue regarding its fairly outdated version of Firefox. Valve reportedly promised a fix, but it won’t come until the next SteamOS update. It’s far from ideal.

The current version of the popular chrome-free browser is 102.0.1, while SteamOS sports the six-month-old version 96.0.3. You don’t have to be a regular at Def Con hacking conferences to know that you shouldn’t be running around with an outdated web browser, especially the one you use to store passwords for, oh, I don’t know not, social media sites, banking websites, or even Steam itself. (By the way: don’t store passwords in your browser. That’s what password managers are for.)

Valve’s last major SteamOS update arrived on May 26, with frequent client updates in the weeks that followed. However, none have updated the January version of Firefox. There is also a beta version available for the next OS update, but you will have to accept it and it is not a finalized version. This beta version also does not update Firefox, and moving to a beta version of an operating system is generally not a good way to improve its security.

Kotaku has contacted Valve for comment.

While pulling too hard on this specific issue can make a mountain of a molehill (to be fair, I’m far from a security expert), it poses a challenge with SteamOS and Linux gaming in general.

Since the most recent Steam Hardware and Software Survey Results, Linux users make up just 1.18% of Steam’s population. A tiny amount, sure, but growing with the growing popularity of Linux’s native Steam Deck. People who typically run Linux operating systems are more than capable of protecting them, but what happens when SteamOS’ population grows to such an extent that it becomes an attractive target for exploiting vulnerabilities and distributing malware? And with the Steam Deck announced to the general public and not just hackers, the do’s and don’ts of protecting a Linux machine will only become more important.

If you have a Windows background, the way Linux handles app installs might seem odd, with terms like “Flatpak”, “Snap”, and “repository” floating around. Linux has its own way of doing things, and it’s a bit more complex than double-clicking a setup.exe. Nor is there a “Linux Defender” ready to always ask you “are you sure you want to install this?” Steam Deck’s “desktop mode” may look like Windows or macOS, and I hope Valve has put security first, but adding the wrong repository by typing random commands over the internet to do things as simple as d Getting Epic Games Store or GOG games to show in Steam can easily land you in trouble if you’re not 100% sure how to protect your machine.

For many, the Steam Deck may not just be their first Linux gaming device, but their first experience with the Linux era (Android doesn’t count). As Steam Deck and SteamOS continue to gain users, many will be more interested in getting their games to run smoothly with as little hassle as possible than learning how to safely run a Linux operating system from scratch. At present, most “novice linux video game questionsrespond generous and helpful enthusiasts, not bad actors. But it’s not hard to imagine someone with malicious intent and knowing how to exploit situations like outdated software stepping in to take advantage of users who don’t know, for example, the dangers of running scripts random.

Consoles are locked down gaming environments for many reasons, but security is definitely the main one. And while Windows security can certainly be compromised, most of us just assume that Windows Defender will save us from complete disaster. And it usually is. Valve can be right next to it betting on linux for the future of gaming, but the security issues will only grow as the Steam Deck grows in popularity. Going forward, Valve would be wise to do its best to keep security considerations top of mind, and this will require more timely updates to fix potentially critical vulnerabilities as its user base grows. enough to attract nefarious interests.