Home ยป Notification: Polyfill Sneakily Injecting Code to Lure Users to Gambling Websites Fastly, Cloudflare Hosting Code in lieu of Original Site

Notification: Polyfill Sneakily Injecting Code to Lure Users to Gambling Websites Fastly, Cloudflare Hosting Code in lieu of Original Site

The Polyfill project, a JavaScript framework for implementing new features in older browsers, injects code to lure users into gambling websites if the victim site pulls in JavaScript through the domain cdn.polyfill.io, which is a previously benign website.
Andrew Betts, the creator of the Polyfill project, clarifies that he is not the original owner of the domain, which was later sold to a Chinese company without his knowledge. Another reason to consider discontinuing the use of Polyfill is that modern browsers now have similar feature completeness.
For websites still using Polyfill and unable to remove it, Cloudflare and Fastly have announced hosting alternatives available for migration. Additionally, Google has started blocking websites that use Polyfill.io for advertising.
Source – Sansec

TLDR: The Polyfill project injects code to lure users into gambling websites, prompting considerations for discontinuing its use due to modern browsers’ feature completeness. Cloudflare and Fastly offer hosting alternatives, while Google blocks websites that use Polyfill.io for advertising.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Resumption of X Services for Many Users in Brazil as Migration to Operate via Cloudflare Takes Effect.

Cloudflare to Launch AI-Powered Firewall for Advanced Defense Against Prompt Injection

Cloudflare emerges victorious in patent infringement case against malicious Patent Troll, compelled to concede defeat and release patent to the public eye