cheeseomlit 3 days ago

That part about the Steam overlay is interesting. This stuff is over my head, but this makes it sound like Valve's implementation creates an unnecessary attack surface. It's also pretty lame that disabling the option for it has no effect on the exploit.

1
khangaroo 3 days ago

Personally, I think that part ended up being more interesting than the Unity bug itself purely because of the implications. A friend was able to abuse the xinput1_3 RWX region in particular to get code execution in a different game with only an arbitrary write primitive and no ASLR leaks. I wouldn't be surprised if this trick got abused for in-the-wild game RCE exploits like the Apex Legends one (though I have no way to verify that).
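The comment above treats an RWX region inside a loaded module as a valuable target for an attacker holding only an arbitrary write. The first thing a practitioner will want is a way to check whether a given process maps any such region at all. The PowerShell script below is an added example written for this page; it is not code from the thread, from Valve, from Unity or from the author of the Unity writeup, and it assumes nothing about xinput1_3 or Steam beyond what you point it at. It walks the target process's address space with VirtualQueryEx, keeps every committed region whose protection is both writable and executable (PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY), and resolves the backing file for image-mapped regions with GetMappedFileNameW so you can see which DLL contributed it. The script name used in the usage note is an assumption.

```powershell
# Added example, not from the original thread: list committed regions of a
# process that are readable, writable and executable at the same time, and
# name the image backing each one. Needs rights to open the target process.
param(
    [Parameter(Mandatory = $true)]
    [int]$ProcessId
)

$signature = @'
using System;
using System.Runtime.InteropServices;
using System.Text;

[StructLayout(LayoutKind.Sequential)]
public struct MEMORY_BASIC_INFORMATION {
    public IntPtr BaseAddress;
    public IntPtr AllocationBase;
    public uint   AllocationProtect;
    public IntPtr RegionSize;
    public uint   State;
    public uint   Protect;
    public uint   Type;
}

public static class MemScan {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
        out MEMORY_BASIC_INFORMATION lpBuffer, IntPtr dwLength);

    [DllImport("psapi.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern uint GetMappedFileNameW(IntPtr hProcess, IntPtr lpv,
        StringBuilder lpFilename, uint nSize);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
'@
Add-Type -TypeDefinition $signature

# Win32 constants (values from the Windows SDK headers)
$PROCESS_QUERY_INFORMATION = 0x0400
$PROCESS_VM_READ           = 0x0010
$MEM_COMMIT                = 0x1000
$MEM_IMAGE                 = 0x1000000
$PAGE_EXECUTE_READWRITE    = 0x40
$PAGE_EXECUTE_WRITECOPY    = 0x80

$hProcess = [MemScan]::OpenProcess($PROCESS_QUERY_INFORMATION -bor $PROCESS_VM_READ, $false, $ProcessId)
if ($hProcess -eq [IntPtr]::Zero) {
    throw "OpenProcess failed: Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

$mbi      = New-Object MEMORY_BASIC_INFORMATION
$mbiSize  = [IntPtr][Runtime.InteropServices.Marshal]::SizeOf([type][MEMORY_BASIC_INFORMATION])
$addr     = [IntPtr]::Zero
$findings = @()

try {
    while ([MemScan]::VirtualQueryEx($hProcess, $addr, [ref]$mbi, $mbiSize) -ne 0) {
        # Low byte holds the access protection; higher bits are modifiers such as PAGE_GUARD.
        $prot = $mbi.Protect -band 0xFF
        if ($mbi.State -eq $MEM_COMMIT -and
            ($prot -eq $PAGE_EXECUTE_READWRITE -or $prot -eq $PAGE_EXECUTE_WRITECOPY)) {

            $backing = '<private or non-image mapping>'
            if ($mbi.Type -eq $MEM_IMAGE) {
                $sb = New-Object System.Text.StringBuilder 1024
                if ([MemScan]::GetMappedFileNameW($hProcess, $mbi.BaseAddress, $sb, $sb.Capacity) -gt 0) {
                    $backing = $sb.ToString()   # device-style path, e.g. \Device\HarddiskVolumeN\...
                }
            }
            $findings += [pscustomobject]@{
                Base    = ('0x{0:X}' -f $mbi.BaseAddress.ToInt64())
                Size    = $mbi.RegionSize.ToInt64()
                Protect = ('0x{0:X}' -f $mbi.Protect)
                Backing = $backing
            }
        }
        # Step to the next region; stop if the address would wrap at the top of the space.
        $next = $mbi.BaseAddress.ToInt64() + $mbi.RegionSize.ToInt64()
        if ($next -le $addr.ToInt64()) { break }
        $addr = [IntPtr]$next
    }
}
finally {
    [void][MemScan]::CloseHandle($hProcess)
}

$findings | Format-Table -AutoSize
```

Run it against a game process as, for instance, `.\Find-RwxRegions.ps1 -ProcessId (Get-Process SomeGame).Id` (the script name and process name are placeholders). Any row whose Backing column names a DLL is a writable-and-executable page that ships with that module's mapping rather than being allocated at runtime; that is the class of region the comment above is talking about, and it is worth confirming separately whether the module in question opts out of ASLR, since a fixed load address is what makes such a region usable without an info leak.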