The Polyfill project is a JavaScript framework for implementing new features in older browsers. If a site pulls in its JavaScript through the domain cdn.polyfill.io, which was previously benign, the code served now injects content that lures the site's users to gambling websites.
Andrew Betts, the creator of the Polyfill project, clarifies that he is not the original owner of the domain, which was later sold to a Chinese company without his knowledge. Another reason to consider discontinuing the use of Polyfill is that modern browsers now have similar feature completeness.
For websites still using Polyfill and unable to remove it, Cloudflare and Fastly have announced hosting alternatives available for migration. Additionally, Google has started blocking websites that use Polyfill.io for advertising.
Source – Sansec
TLDR: JavaScript pulled in through cdn.polyfill.io injects code that lures users to gambling websites. Modern browsers' feature completeness is a further reason to consider discontinuing the use of Polyfill. Cloudflare and Fastly offer hosting alternatives, while Google blocks websites that use Polyfill.io for advertising.