"This functionality is achieved by github.com POSTing over an OAuth token to github.dev that allows it to interact with GitHub on your behalf," researcher Ammar Askar wrote, summing up the exploit he published that lets attackers steal GitHub authentication tokens with a single click.
Ammar Askar's exploit and public disclosure
On Tuesday, security researcher Ammar Askar published a blog post and released proof‑of‑concept code for a Visual Studio Code (VS Code) zero‑day. The exploit abuses VS Code's sandboxed webview message‑passing system to run malicious JavaScript inside a webview, simulate keypresses in the main editor, and install an extension that extracts the GitHub OAuth token sent to github.dev.
Askar said he notified GitHub one hour before public disclosure and that he chose immediate public disclosure in part because of a prior negative experience reporting VS Code bugs through Microsoft's Security Response Center (MSRC). He wrote that a previous report was "silently fixed" without credit or acknowledgement of security impact, and that "going forward I would be doing full public disclosure for any security bugs I found in VSCode."
How the VS Code webview exploit steals GitHub OAuth tokens
The proof‑of‑concept works by exploiting message passing between a webview and the main VS Code editor. According to Askar, the malicious code simulates user input to install an extension that then captures the OAuth token github.com POSTs to github.dev. The captured token is not limited to the specific repository the user interacted with; Askar said the token "is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to."
After extracting the token, the exploit queries the GitHub API to enumerate all private repositories the victim can access, giving an attacker visibility into potentially sensitive source code and resources tied to that account.
Immediate mitigation: clear github.dev cookies and site data
Askar and the advisory note that the vulnerability is unpatched and has not yet been assigned a CVE ID. They provide a practical mitigation for users of the browser‑based github.dev: clear cookies and local site data for github.dev via the browser Settings icon in the URL bar, then Cookies and site data > Manage on‑device site data.
Clearing that data will force github.dev to prompt an explicit sign‑in warning when a link attempts to trigger the abusive flow; users will see a "The extension 'GitHub Repositories' wants to sign in using GitHub." warning before the token is passed, interrupting the one‑click theft vector.
Microsoft Security Response Center, past zero‑day disclosures, and reactions
The release arrives amid a stream of zero‑day disclosures affecting Microsoft products by another researcher using the handle "Nightmare Eclipse," who disclosed several flaws — including BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend — over recent months. The source notes that BlueHammer and RedSun were later observed being exploited in attacks.
Microsoft's initial public reaction to those leaks included threats of legal action, followed by a tweet saying the company "will work with law enforcement as appropriate" when "an individual breaks the law and engages in malicious activity causing real harm to our customers." BleepingComputer reached out to Microsoft for comment on the VS Code zero‑day, but a response was not immediately available.
What this means for technologists, end users, and GitHub
- Technologists and security teams: expect untrusted links aimed at github.dev to be a practical attack vector until a patch is released. The exploit demonstrates how webview message‑passing can be abused to install extensions and exfiltrate OAuth tokens; teams should consider temporary policies limiting browser‑based github.dev use for sensitive accounts and monitor for anomalous GitHub API activity.
- End users and developers: follow the immediate mitigation steps — clear cookies and local site data for github.dev — and heed the "The extension 'GitHub Repositories' wants to sign in using GitHub." prompt when it appears. That prompt is the explicit checkpoint Askar says will interrupt the exploit.
- GitHub: the researcher notified GitHub one hour before disclosure. The disclosure underscores the cross‑product nature of the issue — an OAuth flow from github.com interacting with github.dev inside a VS Code webview — which implicates coordination between GitHub and the VS Code maintainers to produce a permanent fix.
The exploit, the unpatched status, and the broader friction around coordinated disclosure described by Askar leave a tight timeline between discovery and potential abuse. For now, clearing github.dev site data and watching for the sign‑in prompt are the concrete steps available to users while the vendors involved determine a permanent remediation.




