STEAM GROUP
Steam Client Beta SteamBeta
Founded
8 January, 2013
RiO 29 Sep, 2022 @ 11:57am
Steam is embedding a version of Chromium that is 20 major versions and 2 years behind
https://bitbucket.org/chromiumembedded/cef/wiki/BranchesAndBuilding.md#markdown-header-current-release-branches-supported

The current versions of Chromium that Chromium Embedded Framework (CEF) still actively supports are Chromium major versions 105 and 106.

The current build of Steam uses Chromium 85, which is more than two years out of date.

Unless Valve is actively cooking up their own version of Chromium that takes the effort to back-port all security patches made during that entire two-year period; and actually against absolutely insurmountable odds manages to do that correctly without accidentally allowing for bypasses or introducing new security-sensitive bugs,
they are opening up all Steam users to massive risk.

Potentially even those that only use the Steam client to view content local to the Steam platform. Because exploits that solely rely on carefully doctored images or video capable of triggering exploitable memory-corruption also are still a thing.


[Edit]
Apparently the 85.x version the stable client recently updated to, has a known problem with bypasses of the Same-Origin policy, which could potentially - in the worst case - mean arbitrary code on other domains gaining access to session cookies.

It'd be really nice to get some reassuring words from Valve here...
Last edited by RiO; 29 Sep, 2022 @ 12:39pm
Steven Seagull 26 Oct, 2022 @ 11:31am 
Just don't use the embedded browser for anything else than Steam.

Since it doesn't have NoScript and uBlockOrigin, browsing the web with it is a terrible experience anyways.
Last edited by Steven Seagull; 26 Oct, 2022 @ 11:32am
RiO 26 Oct, 2022 @ 11:40am 
Originally posted by Steven Seagull:
Just don't use the embedded browser for anything else than Steam.

Since it doesn't have NoScript and uBlockOrigin, browsing the web with it is a terrible experience anyways.

Correct and absolutely good advice.
Using the Steam browser for browsing anything but the curated community or storefront is both a pain and an enormous security risk.
RiO 7 Nov, 2022 @ 3:27am 
Giving this some more visibility with additional information:
The fact that the embedded Chromium browser is as woefully out-of-date as it is, has now begun to cause payment completion problems.

I just tried an iDeal payment, which redirects to my bank's e-banking portal for authorization and completion. And the banking portal's layout on its authorization page was completely trashed. The payment could luckily still be completed, because I was very familiar with what the layout is supposed to be like and what data should go where - but others might not be so lucky.

Took a look in a normal browser and of course, there these pages work just fine.
So I popped open the browser developer tools to nose around a bit. Took all of a few seconds to realize this particular e-banking solution updated to using some relatively new DOM and CSS specifications for custom element rendering and related subjects. 'Relatively new' being in the eye of the beholder, really. This stuff has been part of all mainstream browsers for a long enough time to rely on it unconditionally. Except... that of course does not include 2 year old; and heavily outdated embedded Chromium browsers.


Hey; Valve?
Maybe upgrade your browser component, ya?
So; y'know, your customers can actually PAY YOU?
(Securely - at that...)

Additionally: maybe look into delegating payment fulfillment to the OS default browser?

Technically speaking that is a requirement for iDeal to begin with. Its implementation guidelines for merchants state that merchants should not use embedded in-app browsers for payments, but should use either a native SDK or should delegate to the OS default browser.

(Could maybe also use that to finally resolve the pesky problem with Google sign-ins; which are blocked on embedded browsers as well...)
Last edited by RiO; 7 Nov, 2022 @ 8:47am
Drex 7 Nov, 2022 @ 2:05pm 
While it absolutely should get updated, and probably more often than it does, I would also like to add that this is exactly one more reason why when I see people say to "Run Steam as Admin" as a solution to something, that's not a good solution.

I'm not dissing Steam here directly but running a browser as admin in 2022 is a terrible idea in any case, but if it's outdated, even more bad idea. ;)
Steven Seagull 7 Nov, 2022 @ 2:45pm 
I don't even know why it is possible to open any websites in the embedded browser other than Steam. There should be a whitelist: Steam, Youtube, maybe Twitch. Open the others in your native browser.
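
An added example, not part of any post in this thread: a sketch of the allowlist idea from the post above, combined with the earlier suggestion to hand payment pages to the OS default browser. The host list and the names `hostAllowed` and `decideNavigation` are assumptions for illustration, not Steam's configuration or code.

```javascript
// Assumed allowlist (registrable domains); subdomains are accepted too.
const ALLOWED_HOSTS = ["steampowered.com", "steamcommunity.com", "youtube.com", "twitch.tv"];

// Exact match or true subdomain match; a plain suffix test would also
// accept look-alike hosts such as "notsteamcommunity.com".
function hostAllowed(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return ALLOWED_HOSTS.some((d) => host === d || host.endsWith("." + d));
}

// Returns "embedded" (load in the in-app view), "external" (hand the URL
// to the OS default browser) or "block" (refuse to navigate at all).
function decideNavigation(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return "block"; // unparseable input never reaches the embedded view
  }
  if (url.protocol !== "https:") {
    // Plain http goes to the patched system browser; file:, javascript:,
    // data: and similar schemes are refused outright.
    return url.protocol === "http:" ? "external" : "block";
  }
  // "https://steamcommunity.com@example.net/" has host example.net; any
  // URL carrying userinfo is treated as not ours.
  if (url.username || url.password) return "external";
  return hostAllowed(url.hostname) ? "embedded" : "external";
}

// Constructed sample URLs, for illustration only.
const samples = [
  "https://store.steampowered.com/app/1",
  "https://steamcommunity.com.example.net/login",
  "https://bank.example/ideal/authorize",
  "file:///etc/hosts",
];
for (const s of samples) console.log(decideNavigation(s), s);
```
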
Drex 7 Nov, 2022 @ 5:37pm 
It has its uses, such as BPM giving the console view a TV style browser. Also in game, games can pop it to buy more stuff for their game in a browser
RiO 8 Nov, 2022 @ 1:13am 
Originally posted by Drex:
It has its uses, such as BPM giving the console view a TV style browser. Also in game, games can pop it to buy more stuff for their game in a browser

Y'know. I've literally never seen game developers use the embedded Steam browser?
Sure; I've seen games that used embedded browsers, generally MMOs following the GaaS model. But they'd generally use their own CEF browser (and actually keep it up to date...) or for Windows-only games: defer to the Edge Web View component to embed the Edge browser (and ::puke:: IE/Trident before that...)

Speaking of which; that's a nice way for Valve to keep the Windows desktop version of the Steam Client up to date without needing to invest tons of effort into it themselves. Edge is Chromium nowadays, and Microsoft offers an up-to-date version 2 of the Edge Web View component to match. They ensure it's kept evergreen as part of OS updates; you just consume and use it.
Last edited by RiO; 8 Nov, 2022 @ 1:15am
Steven Seagull 8 Nov, 2022 @ 6:27am 
Having different WebViews for Windows and everything else would be more maintenance work for Steam developers.
RiO 8 Nov, 2022 @ 6:41am 
Originally posted by Steven Seagull:
Having different WebViews for Windows and everything else would be more maintenance work for Steam developers.

Also true, sadly.
You win some; you lose some.

Best would still be if Valve would just be responsible enough and dedicate the necessary resources to ensure the browser they're embedding themselves, remains up to date.
Steven Seagull 8 Nov, 2022 @ 7:27am 
Originally posted by RiO:
Best would still be if Valve would just be responsible enough and dedicate the necessary resources to ensure the browser they're embedding themselves, remains up to date.

Actually, I really don't want that, because Chromium won't work on Windows 7 soon. I'm fine with the old version, I can use Steam at least.
Drex 8 Nov, 2022 @ 9:51am 
Huh that Windows 7 thing is an interesting thought. Not sure how they would plan to handle that further in the future. But yeah Steam used to use IE in the past a long time ago, this Chromium upgrade was a big deal. These days though it kind of bothers me, that so many things are web based apps but all use their own completely different copy of a whole browser install to effectively do the same thing everywhere.

It'd be nice if Windows had a nice Chromium one since Edge is on that now, but if Linux also had a unified generic web view framework that apps could shoehorn quickly as well so it wasn't a hassle.

But I find it ridiculous how many different browser installs we have these days, especially with how many may or may not even be up to date. But Steam has one, Discord is entirely a web app as well, numerous games use in game browsers with their own copy, I can think of Guild Wars 2 off the top of my head.

As for my comment earlier about games being able to use the overlay as well, I can say I know Warframe can pop shop windows in the overlay but not sure what else out there.
RiO 8 Nov, 2022 @ 10:35am 
Originally posted by Drex:
Huh that Windows 7 thing is an interesting thought. Not sure how they would plan to handle that further in the future.

Afaik officially Windows 7 support was already dropped and in fact has been in "maybe it'll work; maybe it won't - not our problem"-territory for some time now.

My guess is with Chromium dropping support because Windows 7 is actively holding them back from implementing several performance and security improvements, somewhere quite soon Chromium will cease to function on Windows 7 altogether; meaning on Steam as well. And Valve will simply not care; because it wasn't supported any longer anyway.

Last edited by RiO; 8 Nov, 2022 @ 10:36am
Steven Seagull 8 Nov, 2022 @ 11:32am 
Originally posted by Drex:
but if Linux also had a unified generic web view framework that apps could shoehorn quickly as well so it wasn't a hassle.
For Linux, there are these two at least:
https://packages.debian.org/bookworm/libwebkit2gtk-4.0-37
https://packages.debian.org/bookworm/libqt5webenginecore5
Last edited by Steven Seagull; 8 Nov, 2022 @ 11:32am
Steven Seagull 10 Nov, 2022 @ 3:16am 
Maybe update CEF to the last version which still supports Windows 7, then don't update it for 2 years. Then Windows 10 will be out of support anyways, people can fully transition to Linux then xD
Drex 10 Nov, 2022 @ 8:42am 
Yeah, it'd be nice if they had a way to just lock the browser version if your Windows build is older. Honestly this is a really poorly thought out thing for the Chromium people. I get it on the mainline browser but these embedded components are in thousands of other programs that'll get broken by this
Date Posted: 29 Sep, 2022 @ 11:57am
Posts: 36