Popular VS Code Extensions with Over 125 Million Installs Found Vulnerable to Cyberattacks

Four popular extensions of VS Code, with a combined total of over 125 million installations, have been found to contain vulnerabilities that allow attackers to steal local files and execute code remotely. The affected extensions are Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. Researchers from OX Security identified these flaws but did not specify a disclosure date or provide CVE references. The impacts include data exfiltration and the execution of malicious commands on users' systems. Source: https://securityaffairs.com/188185/security/vs-code-extensions-with-125m-installs-expose-users-to-cyberattacks.html