Jump to content

Recommended Posts

Posted

Hi Team,

I got the email below from CloudFlare. I am not sure whether this applies to the IPS software or not. Thanks.

Quote

Dear Customer,

A website under your account is loading JavaScript libraries from a third-party service called polyfill{.}io. This service has been observed serving malicious content.

To reduce the risk of your users loading malicious code, we strongly advise you remove any links to the polyfill{.}io domain by replacing them with an alternative service such as https://cdnjs.cloudflare.com/polyfill/. You can also use Page Shield, our client side security solution, to identify which pages are serving links to the library – here is how to get started.

polyfill{.}io is a popular JavaScript library service used by many thousands of sites across the Internet. Cloudflare and its customers are not specific targets.

In February 2024, the polyfill{.}io domain was transferred to a new owner, which raised concerns. Cloudflare stood up an alternative service to address those concerns, described in our blog post. A report just released by Sansec on June 25, 2024, disclosed that the entity now running the polyfill{.}io service had injected malware into JavaScript libraries hosted under the domain. Examples of URLs which have been serving the malicious code include:

https[:]//polyfill(.)io/v3/polyfill.min.js
https[:]//cdn(.)polyfill(.)io/v2/polyfill.min.js
https[:]//cdn(.)polyfill(.)io/v3/polyfill.min.js
https[:]//polyfill(.)io/v3/polyfill.js
https[:]//cdn(.)polyfill(.)io/v2/polyfill.js
https[:]//cdn(.)polyfill(.)io/v1/polyfill.min.js
https[:]//polyfill(.)io/v2/polyfill.min.js
https[:]//cdn(.)polyfill(.)io/v3/polyfill.js
https[:]//polyfill(.)io/v2/polyfill.js

We will provide additional updates as available.

Thanks,
The Cloudflare Team

 

Posted (edited)

Okay, I found out what is going on thanks to an email from Google. It seems some of their Google Maps JS (?) was also using polyfill.io:

Quote

What happened
We have become aware of a security issue that may be affecting websites using specific third-party libraries (including polyfill.io). This issue can sometimes redirect visitors away from the intended website without website owner knowledge or permission, or potentially cause other malicious behavior. Many of the Maps JavaScript API samples in the Developer Documentation previously included a polyfill.io script declaration. We have removed this from those samples. If you have used the Maps JavaScript API samples that contain this declaration, we recommend removing the declaration.

 

The text doesn't explicitly say they were using it too (only examples), but nothing else comes to mind since I don't use that JS library on my site, either. 🙄

Edited by teraßyte
Posted
5 minutes ago, sadams101 said:

I got this warning as well, do we need to do anything? I do use google maps, and I also don't see anything on my site that calls polyfill.io.

Google is sending it out to all it's customers who use Maps and other examples due to their examples included it. If you're using the integration which comes with the software, we do not implement it.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...