Visual Studio Live Share Spoofing Vulnerability

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host. An attacker who successfully exploited this vulnerability could cause a connected guest’s computer to open a browser and navigate to a URL without consent from the guest.

To exploit the vulnerability, an attacker would need to host a Live Share session and convince a targeted user to connect to the session.

The update addresses the vulnerability by prompting the Live Share guest for consent prior to browsing to the host-specified URL.