Researchers identified security vulnerabilities in the VS Code Marketplace that could be exploited by malicious actors, as these flaws allowed extensions with malicious dependencies to gain credibility (through high install numbers) and access to user systems.
They found extensions that communicated with suspicious addresses, executed unknown binaries, and contained hardcoded secrets, highlighting the need for stricter security measures in the VS Code Marketplace to protect users from potential attacks.
https://cybersecuritynews.com/flaws-vs- ... xtensions/