379 points | mobeigi | 1 comments
therein ◴[] No.41862638[source]
I am surprised VGUI browser shares cookies across Steam accounts. When I log out of my Steam account, switch to another one, launch the same game, I would have expected an entirely different datastore to be used for the VGUI browser.
1. mobeigi ◴[] No.41862942[source]
It was a security nightmare. Basically a half-baked browser with a subset of the security considerations you'd expect from a browser.

Valve worked on it for a little while, patching bugs as they popped up (notoriously slowly, I might add). Then in August 2017, an exploit in which server operators could execute JavaScript on players that joined their servers started to spread and was maliciously abused by bad actors. For example, some server operators were using their player base's residential IP addresses to sign up to gambling websites so they got kickbacks. Others simply tried to hijack Steam accounts or sell rare Steam virtual items on the Steam marketplace to themselves.

After Valve patched the above exploit, some smaller bugs popped up in the following weeks and 2 months later in October, Valve completely binned the VGUI browser in CSGO. They had enough! This broke a lot of plugins like IdentityLogger and music players that would play music in the background as you played the game. But at least the attack vector was removed.