HackMyIP
2026-06-03 The Hacker News

One-Click GitHub.dev Attack Steals Full OAuth Tokens via VS Code

Tags: Vulnerability, Authentication, Supply Chain

Cybersecurity researchers have disclosed a critical one-click attack chain that abuses Microsoft Visual Studio Code (VS Code) webviews to steal fully scoped GitHub OAuth tokens. Discovered by researcher Ammar Askar, the exploit triggers when a user simply clicks a malicious link, granting attackers a token capable of reading and writing to all repositories the victim can access, including private ones. The attack specifically targets GitHub.dev, a lightweight browser-based source code editor that runs a VS Code environment through github.com, which POSTs an OAuth token to github.dev to let the editor interact with GitHub on the user's behalf. Because that token is not restricted to a single repository, it effectively serves as a master key to the victim's entire GitHub account.

The attack exploits the message-passing mechanism between the main VS Code window and its embedded webviews, which are normally used for rendering Markdown previews or editing Jupyter notebooks. By executing malicious JavaScript inside an untrusted webview, the attacker can simulate keypress events, invoke the Command Palette (Ctrl+Shift+P), and install an attacker-controlled extension without triggering the standard publisher trust prompt. The bypass abuses VS Code's local workspace extensions feature, which loads any extension placed in a workspace's .vscode/extensions folder directly, combined with a crafted keybinding that automates the install command. Once installed, the extension harvests the GitHub OAuth token, queries the GitHub API, and enumerates every private repository accessible to the victim. Organizations concerned about compromised credentials can verify exposure using an email breach checker to see if associated accounts have appeared in known leaks.

The researcher notified GitHub of the vulnerability on June 2, 2025, and disclosed technical details roughly an hour later, citing Microsoft's historically slow response to VS Code-related security issues. Microsoft has since acknowledged the issue and confirmed it is developing a fix, with partner software engineering manager Alexandru Dima clarifying that the flaw does not impact VS Code Desktop installations. Developers are advised to audit installed extensions, rotate any GitHub personal access tokens, and review API activity logs for unexpected calls. Users handling sensitive credentials should also strengthen account hygiene by running a password checker to ensure no associated secrets are weak, and verify browser session integrity through a browser fingerprint test to detect tracking or session-hijacking attempts that often accompany OAuth-based attacks.
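The audit step above can be scripted. The following is an added example, not code from the article or from the researcher: it walks a workspace's .vscode/extensions folder, reports every workspace-local extension (each of which, per the article, loads without the publisher trust prompt), and additionally flags any manifest whose contributes.keybindings binds a key to an install-style command. The assumption that the crafted keybinding lives in the extension manifest, and the substring heuristic used to spot install commands, are this example's own choices; the sample workspace is constructed inline.

```python
import json
import tempfile
from pathlib import Path

# Heuristic substring for "install-style" commands; an assumption for this
# example, not a VS Code API. Any extension under .vscode/extensions is
# reported regardless, because it loads without the publisher trust prompt.
INSTALL_HINTS = ("install",)


def audit_workspace(root: str) -> list[dict]:
    """Return one finding per workspace-local extension found under root."""
    findings = []
    ext_dir = Path(root) / ".vscode" / "extensions"
    if not ext_dir.is_dir():
        return findings
    for manifest in sorted(ext_dir.glob("*/package.json")):
        name = manifest.parent.name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            findings.append({"extension": name, "install_keybindings": [], "error": "unreadable manifest"})
            continue
        flagged = []
        for kb in data.get("contributes", {}).get("keybindings", []) or []:
            cmd = str(kb.get("command", ""))
            if any(h in cmd.lower() for h in INSTALL_HINTS):
                flagged.append(f"{kb.get('key')} -> {cmd}")
        findings.append({"extension": name, "install_keybindings": flagged})
    return findings


def build_sample_workspace() -> str:
    """Constructed sample: one benign local extension and one that binds a key
    to an install-style command, the shape the article describes."""
    root = Path(tempfile.mkdtemp())
    benign = {"name": "notes-helper",
              "contributes": {"commands": [{"command": "notes.open", "title": "Open notes"}]}}
    suspect = {"name": "theme-pack",
               "contributes": {"keybindings": [{"key": "ctrl+shift+p",
                                                "command": "workbench.extensions.installExtension",
                                                "args": "example-publisher.example-ext"}]}}
    for name, manifest in (("notes-helper", benign), ("theme-pack", suspect)):
        d = root / ".vscode" / "extensions" / name
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    for finding in audit_workspace(build_sample_workspace()):
        print(finding)
```

Run it against each cloned workspace on a developer machine; any entry with a non-empty install_keybindings list deserves a manual look, and the token rotation the article recommends should follow if the extension is unrecognised.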

Source: The Hacker News →
