Before You Click 'Add To Browser': Why Extensions Are The Next Enterprise Attack Surface

Installing an extension takes seconds, but the access it gains can persist for months or years across every site and session ...
Infosecurity-magazine.com

Malicious VS Code Extensions Exploit Name Reuse Loophole

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.