Video games including popular eSports title Counter Strike: Global Offensive (CS:GO) have an exploit that could allow hackers to take over the player’s computer, warns a cybersecurity researcher.

Motherboard reported that a researcher named Florian discovered the exploit, where hackers gain control by using a bug with the Steam ‘invite to play’ feature.

Once they gain control of the computer, the bug can also go on to infect their friends’ machines through the same method, it reported.

Steam is a game software distribution platform owned by Valve Corporation. Valve is also the maker of Source Engine, which is used by CS:GO and many other games, including Team Fortress 2.

The bug could theoretically affect other games using the Source Engine, although the Motherboard article reported that the vulnerability appeared to have been patched in games other than CS:GO.

“We can’t say in how many games it used to work and if/when things got patched,” Florian was quoted as saying in the article. “When we posted that this exploit affects every source engine game one should understand this as ‘every game might theoretically be affected as it is a bug in the engine and not something game specific’.”

However, at press time, CS:GO was still not patched.

In a call with Motherboard, Florian also pointed out that though he raised the issue through Valve’s bug bounty platform back in 2019, the company did not resolve the issue even though it marked the bug as “critical”.

“I am honestly very disappointed because they straight up ignored me most of the time,” Florian said in an online chat.

Valve did not respond to a request for comment by Motherboard.