1-Click GitHub Token Stealing via a VSCode Bug
A VSCode webview bug allows attackers to steal GitHub tokens with full read-write access by clicking a link to a malicious Jupyter notebook.
VSCode's github.dev web editor receives a GitHub OAuth token with no repository scoping and runs VSCode's million-line TypeScript codebase in the browser. The vulnerability exploits VSCode's webview security model, which isolates webview content in iframes and uses the postMessage API for cross-origin communication. A keydown event handler in webviews lets JavaScript running inside a webview simulate keypresses in the host editor, bypassing the isolation the browser would normally provide. An attacker can craft a Jupyter notebook that emits Ctrl+Shift+A to accept a recommended-extension notification, then Ctrl+F1 to trigger installation of a malicious extension via a custom keybinding declared in a local workspace extension's package.json. The installed extension reads the GitHub API token and queries private repositories. The proof-of-concept demonstrates full token exfiltration. Users can mitigate by clearing github.dev site data and local storage.
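The weak point described above is a host-side message handler that replays whatever key events an embedded webview reports. The following is an added illustrative example, not VSCode's code or the article's proof-of-concept: a host page embeds one untrusted iframe and receives `keydown` messages from it over postMessage. The weak handler trusts every message; the hardened one verifies the sending window and origin, allows only an explicit list of harmless chords, and never replays chords that map to privileged actions. All names (`weakHandler`, `hardenedHandler`, `PRIVILEGED_CHORDS`, the `trusted` descriptor) and the sample messages are constructed for this example.

```javascript
// Added example (not VSCode's code): host-side handling of key events that
// an embedded webview iframe reports via postMessage.

// Chords that, in this hypothetical host, trigger privileged actions such as
// accepting a notification or installing an extension. The host must never
// run these on behalf of webview content.
const PRIVILEGED_CHORDS = new Set(["ctrl+shift+a", "ctrl+f1"]);

// Normalise a key description into a chord string such as "ctrl+shift+a".
function chordOf(key) {
  const parts = [];
  if (key.ctrlKey) parts.push("ctrl");
  if (key.shiftKey) parts.push("shift");
  if (key.altKey) parts.push("alt");
  parts.push(String(key.key).toLowerCase());
  return parts.join("+");
}

// Weak pattern: replay every keydown the webview reports as if the user typed it,
// regardless of who sent the message.
function weakHandler(event, dispatch) {
  if (event.data && event.data.type === "keydown") {
    dispatch(chordOf(event.data));
    return "dispatched";
  }
  return "ignored";
}

// Hardened pattern. `trusted` describes the single iframe the host created:
// its contentWindow, its origin, and the chords it is permitted to request.
function hardenedHandler(event, trusted, dispatch, log) {
  const msg = event.data;
  // 1. Only the iframe we created may talk to us, and only from its origin.
  if (event.source !== trusted.window || event.origin !== trusted.origin) {
    log(`dropped message from unexpected sender ${event.origin}`);
    return "dropped:origin";
  }
  if (!msg || msg.type !== "keydown") return "ignored";
  const chord = chordOf(msg);
  // 2. Webview content may request only a small allow-list of harmless chords
  //    (for example Escape to close a panel); privileged chords are always refused.
  if (!trusted.allowedChords.has(chord) || PRIVILEGED_CHORDS.has(chord)) {
    log(`dropped synthetic chord ${chord} from webview`);
    return "dropped:chord";
  }
  dispatch(chord);
  return "dispatched";
}

// Constructed stand-ins for a MessageEvent stream: the real iframe asking for a
// privileged chord, a foreign window asking for another one, and the real iframe
// asking for an allowed chord.
const trusted = {
  window: { id: "webview-1" },
  origin: "https://webview.example",
  allowedChords: new Set(["escape"]),
};

function runScenario() {
  const actions = [];
  const logs = [];
  const dispatch = (chord) => actions.push(chord);
  const log = (line) => logs.push(line);
  const messages = [
    { source: trusted.window, origin: trusted.origin,
      data: { type: "keydown", key: "A", ctrlKey: true, shiftKey: true } },
    { source: { id: "other-window" }, origin: "https://attacker.example",
      data: { type: "keydown", key: "F1", ctrlKey: true } },
    { source: trusted.window, origin: trusted.origin,
      data: { type: "keydown", key: "Escape" } },
  ];
  const weak = messages.map((m) => weakHandler(m, () => {}));
  const hardened = messages.map((m) => hardenedHandler(m, trusted, dispatch, log));
  return { weak, hardened, actions, logs };
}

console.log(runScenario());
```

The allow-list is the important design choice: the host decides which keystrokes webview content may ever request, so a compromised notebook renderer can at most close a panel, and the dropped-chord log line gives the security team something to alert on.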
The author disclosed this to Microsoft Security Response Center in 2023, which silently patched it without acknowledgment or credit. The full disclosure comes after the vendor's dismissive response to security research.
What the HN community is saying
The thread centers on criticism of MSRC's handling: commenters note the vendor silently patched the bug and closed the report as invalid without crediting the researcher, a pattern several have experienced. One commenter observes that github.dev's fundamental flaw is storing a full-scope GitHub token at all; better design would use temporary per-repo tokens like Codespaces does, limiting malware impact. Internal Microsoft communication failures may explain some issues (bugs patched before security team assessment), but commenters reject this as excusing the external harm. A few mention alternatives like Zed or SSH keys, though none fully solve the github.dev problem.