A new CS2 exploit that uses HTML code blocks in-game to display GIFs could potentially be putting gamers at risk. The exploit was initially discovered by players, who figured out that by changing their Steam ID to a HTML code block, they could show NSFW gifs to other players via the in-game kick menu.

While it was funny at first, it had been discovered that there could be more malicious intentions behind the glitch.

Credit: Daniel Morris

How does the CS2 HTML exploit work?

This CS2 exploit is a result of the way the in-game vote system draws user names. For some reason, Valve has made it so this can read HTML code blocks, which can be used to draw images and GIFs in-game.

It has since been discovered that those exploiting the glitch are able to get hold of player IP addresses. With the exploit being so new, others are concerned about the possibility of using it to execute code on gamer’s PCs.

As of right now, it is unclear whether this is actually possible. However, it seems like a distinct possibility, and it may be best to avoid playing CS2 until the exploit is patched. The nature of it means it’ll be the highest priority for Valve, and it may be fixed before the night is done.



If you see someone with a username that looks like a HTML block in-game or via invite, avoid them for now – the safety of your Steam account could depend on it.