Vulnerable extensions could be exploited to run arbitrary code on a developer’s system remotely. The extensions include “LaTeX Workshop,” “Rainbow Fart,” “Open in Default Browser,” and “Instant Markdown” Some of the extensions have cumulatively racked up about two million installations between them. The findings are important in light of a series of security incidents that show how developers have emerged as a lucrative attack target, what with threat actors unleashing a variety of malware to compromise development tools and environments.
Source: https://thehackernews.com/2021/05/newly-discovered-bugs-in-vscode.html