Simon Willison on Nostr: Worth grepping your source code for "polyfill.io" and taking urgent measures to ...
Published at 2024-06-25 22:31:30

Event JSON
{
"id": "4f750f5e15f94dfb09eb988e2e459a755aa18480ef9ccf28699266ef1333768e",
"pubkey": "8b0be93ed69c30e9a68159fd384fd8308ce4bbf16c39e840e0803dcb6c08720e",
"created_at": 1719354690,
"kind": 1,
"tags": [
[
"proxy",
"https://fedi.simonwillison.net/users/simon/statuses/112679629018556753",
"activitypub"
]
],
"content": "Worth grepping your source code for \"polyfill.io\" and taking urgent measures to remove that code if you're linking it into your site - the domain name apparently now intermittently serves malicious JavaScript\n\nMy notes here: https://simonwillison.net/2024/Jun/25/polyfill-supply-chain-attack/ - or read this article https://sansec.io/research/polyfill-supply-chain-attack",
"sig": "13ec59cb96aab795c7412b030ddab642f02b02a07487adabb9872901f4b7564ac9ca889b70e9fbf6e7f6e559e0bfa195fbc059dac913b2b8a6eb0d4a7d7d46da"
}