
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)

Blog post from Sonar

Post Details

Company: Sonar
Author: Paul Gerste
Word Count: 2,378
Language: English
Summary

The post describes the discovery of three vulnerabilities in popular third-party Visual Studio Code (VSCode) extensions: GitLens and GitHub Pull Requests and Issues, both with millions of installs. The vulnerabilities are Markdown injection flaws that let an attacker inject malicious content into VSCode's UI. They can be triggered when a user interacts with the affected extensions in an untrusted workspace or performs specific actions such as clicking a link or installing an extension. The respective extension developers have fixed the issues, and updated versions of the affected extensions prevent exploitation. The findings underline the importance of security in third-party extensions and the need for users to keep VSCode and its extensions up to date.