Polyfill.io

Polyfill.io is a service that provides polyfills for web technologies, allowing developers to use modern JavaScript features in older browsers. Polyfills are code snippets that replicate the functionality of newer browser features in older browsers that do not support them. Polyfill.io dynamically serves the necessary polyfills based on the user agent of the requesting browser, ensuring that users receive the appropriate code for their browser version. This helps developers maintain compatibility across different browsers and deliver a consistent user experience. Cybersecurity concerns have arisen due to a significant supply chain attack involving the Polyfill.io CDN (Content Delivery Network). In February 2024, the service was sold to a Chinese company named Funnull. Shortly after the acquisition, malicious code was introduced into the Polyfill.io CDN, affecting over 100,000 websites. The malicious code redirected users to spam sites and sports betting sites. The attack was sophisticated, with the malware dynamically generated based on HTTP headers and employing defenses against reverse engineering. Website maintainers were advised to remove the Polyfill.io script immediately to mitigate the risk.