Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening
PROFILE pages of other steam users as well as your OWN
activity feed (both desktop and mobile versions on all browsers including steam browser/chromium). I would advise against viewing suspicious profiles until further notice and disable JavaScript in your browser options.
Do NOT click suspicious (real) steam profile links and Disable JavaScript on Browser. Appropriate information has been forward to Valve and this issue should be resolved soon, sorry for any inconvenience.
Anyone (with knowledge of the exploit) who uses or abuses it FOR ANY REASON will RISK RECEIVING A COMMUNITY BAN.
Keep in mind that any discussion on any exploit method is NOT allowed here and will result in a ban without warning. This post is intentionally vague, and will be kept that way due to the nature of this exploit.
And to make it VERY clear: do NOT post profile links on this sub (temporarily), do NOT post proof of concepts (we have the repro steps and passed them on), do NOT post anything relevant that might provide information on how to do this exploit (incl. youtube links). This post is your warning.
TO THOSE POSSIBLY AFFECTED:
Change your Steam Account password, enable Mobile Authenticator if it's not on already (otherwise deauthorize other computers on Steam Guard on all systems from settings) then restart your modem/change IP. You might want to also consider scanning your system with a malware scanner/anti-virus.