This is a core VS Code vulnerability, the remote development extension is mentioned because this vulnerability can be used to "take over the computer of a Visual Studio Code user and any computers they were connected to" using the remote development extension.