How does Visual Studio Code protect against remote code execution vulnerabilities in extensions? With the release of Visual Studio Code 1.57, a new feature was added called Workspace Trust. This new feature allows developers to open unfamiliar code or extensions in Restricted Mode with the option to later mark the code as trusted. Restricted Mode works to prevent the automatic execution of code by restricting accessing to certain VS Code features. More details about this new functionality can be found here - https://code.visualstudio.com/updates/v1_57#_workspace-trust.
Kc Udonsi (@glitchnsec) of Trend Micro Security Research working with Trend Micro Zero Day Initiative, <a href="https://twitter.com/sven_to">Sven Nobis</a> of <a href="https://www.ernw.de">ERNW GmbH</a>, <a href="https://daviddworken.com/">David Dworken</a>, Ron Masas, <a href="https://hackk.io?cve=CVE-2021-34529">Hackk.io</a>, <a href="https://www.linkedin.com/in/timofte-daniel/">Timofte Daniel</a> (<a href="https://twitter.com/tim17d">@tim17d</a>), Ash Fox, Google Security Team