Malicious VS Code extensions strike again.

agnivesh@infosec.exchange

Malicious VS Code extensions strike again. I’ve lost track of how many times this has happened.

X Cancelled | Verifying your request

(xcancel.com)

#infosec #breach #cybersecurity #github #vscode

mokey@cotorreo.fraggle-rock.org

@agnivesh Friends don’t let friends use Visual Studio Code.

agnivesh@infosec.exchange

Now is a good time to remind everyone that there has been an open request since 2018 to harden how VS Code extensions are run, and Microsoft has yet to address it

[Feature Request] Extension Permissions, Security Sandboxing & Update Management Proposal · Issue #52116 · microsoft/vscode

I believe that Visual Studio Code should support some kind of "Extension Permission Management", complete with prompts, warnings, opt-in, and opt-out, similar to what has been supported for some time now with Chrome, Firefox, and other b...

GitHub (github.com)

CIRCLE WITH A DOT

Malicious VS Code extensions strike again.

X Cancelled | Verifying your request

X Cancelled | Verifying your request

X Cancelled | Verifying your request

[Feature Request] Extension Permissions, Security Sandboxing & Update Management Proposal · Issue #52116 · microsoft/vscode