Worth grepping your source code for "polyfill.io" and taking urgent measures to remove that code if you're linking it into your site - the domain name apparently now intermittently serves malicious JavaScript
My notes here: https://simonwillison.net/2024/Jun/25/polyfill-supply-chain-attack/ - or read this article https://sansec.io/research/polyfill-supply-chain-attack
Simon Willison /
npub1gv…utlwl
2024-06-25 22:31:30
Author Public Key
npub1gv26rplqyjqcfyhxryuqjwaxs0dwve3y6gpv6smn3hjm3wse3s8squtlwlPublished at
2024-06-25 22:31:30Event JSON
{
"id": "4417a915e01226a7c0abddd0db38472d0947c1daf73f874b33646ade97879fe0",
"pubkey": "4315a187e024818492e61938093ba683dae66624d202cd43738de5b8ba198c0f",
"created_at": 1719354690,
"kind": 1,
"tags": [
[
"proxy",
"https://fedi.simonwillison.net/@simon/112679629018556753",
"web"
],
[
"proxy",
"https://fedi.simonwillison.net/users/simon/statuses/112679629018556753",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://fedi.simonwillison.net/users/simon/statuses/112679629018556753",
"pink.momostr"
],
[
"expiration",
"1721948091"
]
],
"content": "Worth grepping your source code for \"polyfill.io\" and taking urgent measures to remove that code if you're linking it into your site - the domain name apparently now intermittently serves malicious JavaScript\n\nMy notes here: https://simonwillison.net/2024/Jun/25/polyfill-supply-chain-attack/ - or read this article https://sansec.io/research/polyfill-supply-chain-attack",
"sig": "5542a5ff791a4712fbfec96115bdc947a844543cc1d0f5785064c09d258d2cad97cce772913fec2938422a6bb0e59c71a955bdf4df34057860ca9cc841d51db3"
}