Polyfill.IO

Polyfill.io is a service designed to deliver polyfills, which are small pieces of JavaScript code that enable modern web features to function on older browsers. It automatically detects the user`s browser and provides only the necessary polyfills, ensuring compatibility across different versions without overburdening modern browsers with unnecessary code. However, in February 2024, Polyfill.io was involved in a significant cybersecurity incident after its domain was acquired by a Chinese company, Funnull. The service began injecting malicious code into over 100,000 websites through a supply chain attack. The malicious code primarily targeted mobile users, redirecting them to fraudulent websites such as sports betting sites. Google and other companies responded by suspending ads on compromised websites, and alternative, secure mirrors were set up by Fastly and Cloudflare to mitigate the attack​ SECURITYWEEK TLDR: As a result, it is strongly advised to remove any use of the original Polyfill.io CDN from websites due to potential security risks​.