Docker Desktop prior to 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: prior to 4.23.0.
docker docker desktop