Flaws in popular VSCode extensions allow attackers to steal files and execute code. Vulnerabilities affect extensions like Code Runner and Markdown Preview Enhanced, with over 128 million total downloads. Discovered by Ox Security, the issues pose risks such as data exfiltration and system takeover. Developers are advised against using untrusted configurations and to only install reputable extensions.
Flaws in Popular VSCode Extensions Expose Developers to Attacks

