Two critical vulnerabilities in plug-ins for Microsoft’s Visual Studio Code editor are now patched. Security firm Snyk warns that popular extensions could put development environments in jeopardy. The vulnerabilities could allow an attacker to execute malware by tricking a developer into clicking a link. The two extensions account for more than 600,000 downloads in the VS Code Marketplace. The research should raise concerns about whether other extensions have similar problems, says researcher. “I believe this is only the tip of the iceberg,” Kirill Efimov says.”]