Valve’s Steam service is no stranger to exploits, but the latest to be discovered is of a severe enough nature to warrant its own warning. According to one of the moderators at Steam’s subreddit, an exploit is making the rounds that directly involves user profiles, in addition to specific community pages.
As crazy as it might sound, the suggestion is to avoid visiting any profile pages (even your own), and probably anything community-related at all, until Valve can fix whichever exploit is being taken advantage of.
The subreddit moderator, R3TR1X, is deliberately keeping things vague, for the fear that others will discover the exploit and start taking advantage of it themselves. What we do know is that if someone encounters the exploit, they can be rerouted automatically to a different website or even execute inline scripts. If someone could automatically be rerouted to another site that looks like Steam, then it doesn’t take much imagination to understand the risk here.
If you’re really concerned about falling victim to this exploit, it’s being recommended that you simply disable JavaScript, or use a plugin that would allow you to disable JS on a per-website basis. As of the time of writing, it doesn’t appear that Valve has itself admitted that this exploit exists, or when it will be fixed. So until then, just play it safe.