Seems a terrible idea given how many code execution bugs have been found throughout the years in the "loading a savegame" part of games. You would have an RCE in your hands pretty quickly.
Pretty much every aspect of video games already make them “handle everything with extreme caution”-type software- eg there were RCE bugs in tf2 that could be triggered by a malicious client joining a server, or being able to write whole programs into various pokemon gameboy games just using the right sequence of inputs. I think if I’m not mistaken there was even a case of user picture sprays in source engine games being maliciously crafted.
You may as well plan your security mitigations in such a way that, ultimately, RCE is no more of a big deal than somebody being able to launch notepad.exe or chrome.exe to use a cloud gpu server as a remote desktop.
Now, that’s all to be said unless you’re dealing w somebody who has a GPU-/hypervisor sandbox escape exploit in addition to a RCE sploit they want to plant. In which case ya ur screwed. And I bet there’s serious effort spent by both eg NVIDIA and other cloud gaming providers, but, well, that’s a different beast than untrusted binary savegames
When they remastered Starcraft, to preserve compatibility, they emulated the buffer overrun that many maps were using to directly write data to game memory.
Geforce NOW was best for things like this. They'd let you run VM with Win10 and Steam. So you could easily leverage to admin, download let's say RDR2 from internet and play it on VM, hehe.
There is/was whole market going on, people sold "exploits" for Geforce NOW, so people would play whatever they want.
