The steam:// URL is a quick way to install and launch games from a browser.
Hardware and software security company Revuln pointed out that Safari can launch steam:// commands silently without the user knowing, providing a window of opportunity for attackers.
The report highlights ways in which local processes that exist on our PCs as part of game installations could be dangerous. Revuln highlighted different attack strategies using Source and Unreal engine games. The good news is that major browsers like Internet Explorer, Firefox, Chrome and Opera, give warning before programs are launched but if you hide the warning by default for Steam links (like I did) you might be in trouble.
For now avoid Safari and, as always, say no to any unexpected program launches. Also who the hell uses Safari on PC?
Here’s Revuln’s PDF with detailed description
Source: PC Gamer