VSCode vulnerability allows one-click theft of GitHub tokens
A newly disclosed vulnerability in Visual Studio Code enables attackers to steal authentication tokens and access private repositories with a single click, following public disclosure due to dissatisfaction with Microsoft’s security response handling.
A security researcher has identified a critical vulnerability in Visual Studio Code that allows attackers to steal GitHub authentication tokens with a single click. The exploit specifically targets the github.dev browser-based editor, leveraging a flaw in how webviews handle keyboard events to simulate user input. This allows malicious code within a Jupyter notebook to install a rogue extension, which then exfiltrates the user's token and private repository data. The issue affects both the desktop and web versions of the application, though the web version is more susceptible to one-click exploitation via links.
The vulnerability centres on the Window.postMessage() API, which VSCode uses for communication between the main window and embedded webviews such as Jupyter notebooks. By simulating keyboard events through this channel, an attacker can trick the application into installing a malicious extension from an untrusted source, bypassing the standard security checks that would otherwise apply to an extension install.
Microsoft has patched the vulnerability, but the researcher publicly disclosed the details due to dissatisfaction with the Microsoft Security Response Center’s (MSRC) handling of previous reports. The researcher criticises MSRC for silently fixing previous bugs without credit and marking them as low severity, citing a recent Starlabs report on an XSS bug as evidence of poor security posture management.
The exploit bypasses the "trusted publisher" check by using local workspace extensions together with custom keybindings declared in the extension's package.json. A proof-of-concept demonstrates that clicking a link to a malicious Jupyter notebook on github.dev can execute JavaScript that steals the token and lists the victim's private repositories. The researcher recommends clearing site data for github.dev to mitigate the risk, since the attack relies on the browser's existing session data and is not blocked by any CSRF token.
In summary, the vulnerability allows remote code execution and data exfiltration from a single click, and users who open github.dev via links are particularly susceptible. Disclosure was driven by researcher dissatisfaction with the vendor's response, indicating ongoing friction in the vulnerability reporting process.
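Because the bypass described above rides on workspace-local extensions that declare their own keybindings, one practical defender check is to scan a freshly cloned repository for such manifests before opening it in VSCode. The script below is an added example, not code from the article or from Microsoft; it assumes that workspace extensions live under `.vscode/extensions/<name>/package.json` inside the checkout (the article does not name that path) and builds its own constructed sample repository so it runs offline.

```python
import json
import tempfile
from pathlib import Path

# Assumption (not stated in the article): VSCode loads "workspace extensions"
# from .vscode/extensions/<name>/package.json inside the opened repository.
WORKSPACE_EXT_DIR = Path(".vscode") / "extensions"


def find_keybinding_contributions(repo_root):
    """Return (manifest path, key, command) for every workspace-extension
    manifest under repo_root that contributes custom keybindings."""
    repo_root = Path(repo_root)
    findings = []
    ext_root = repo_root / WORKSPACE_EXT_DIR
    if not ext_root.is_dir():
        return findings
    for manifest in ext_root.glob("*/package.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skipped here, worth a manual look
        contributes = data.get("contributes") or {}
        for kb in contributes.get("keybindings") or []:
            if isinstance(kb, dict):
                findings.append((str(manifest.relative_to(repo_root)),
                                 kb.get("key", ""), kb.get("command", "")))
    return findings


def build_sample_repo():
    """Constructed sample: a checkout carrying one workspace extension that
    rebinds a key to its own command. Returns the temporary repo root."""
    root = Path(tempfile.mkdtemp())
    ext_dir = root / WORKSPACE_EXT_DIR / "sample-ext"
    ext_dir.mkdir(parents=True)
    manifest = {
        "name": "sample-ext", "publisher": "unknown", "version": "0.0.1",
        "engines": {"vscode": "^1.89.0"},
        "contributes": {"keybindings": [
            {"key": "ctrl+enter", "command": "sample-ext.run"}]},
    }
    (ext_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    for path, key, command in find_keybinding_contributions(build_sample_repo()):
        print(f"{path}: '{key}' -> {command}")
```

Any hit is a reason to inspect the extension before trusting the workspace; a clean repository returns an empty list.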