A second zero-day vulnerability has been publicly disclosed in the Steam gaming client by security researcher Vasily Kravets after he said he was banned from its bug-bounty program. The revelations come two weeks after another zero-day previously disclosed by Kravets and researcher Matt Nelson was disputed by Valve, Steam’s parent company.