Probely Security Scanner Enables Automated Detection for the Polyfill.io Supply Chain Attack

Tiago Mendo
June 28, 2024 · 3 min read

This week, the cybersecurity community was alerted to a major new vulnerability that compromises the online security of countless users: the Polyfill.io supply chain attack.

It is estimated that over 100,000 applications have been affected by the Polyfill.io supply chain attack. After the Polyfill.io service was acquired by a Chinese company, malware was added to the script it serves, so every site loading it began spreading that malware automatically to its visitors, redirecting users to phishing sites, one of the most common and dangerous cyber attacks.

Polyfill.io is a popular JavaScript library service that adds modern functionality to older browsers, giving users a consistent experience regardless of the browser's age or capabilities. Since the Polyfill.io service is used by hundreds of thousands of websites, this attack will probably have a devastating impact on user safety and web integrity for many organizations.

Why is Polyfill.io a Threatening Vulnerability?

The Polyfill.io JavaScript library is compromised, which affects every application that loads it and, in turn, every user of those applications. When an organization embeds this third-party component, its users may be redirected to malicious websites when they click on links, but the redirect can also happen automatically, without any interaction.

Those users can then be subjected to phishing attacks, for example, in which they are tricked into providing sensitive information such as bank details or passwords. With that information, the attackers are able to carry out more serious attacks.

Fixing the Polyfill.io Supply Chain Compromise

While Probely identifies the vulnerability and points out the instances where a fix should be applied, simply removing the library is not a solution, because your site may still need the functionality it provides. In that case, we suggest replacing every reference to the malware-injected polyfill with Cloudflare's alternative endpoint, which is free of the malware injected after the acquisition. Cloudflare has implemented the full polyfill functionality and deployed it at https://cdnjs.cloudflare.com/polyfill/. Cloudflare's implementation is intended to be a drop-in, identical replacement for the original library, in both minified and unminified form.
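As an added illustration (not Probely's detection module and not Cloudflare's code), the Node.js script below scans an HTML document for script tags that load from polyfill.io or any of its subdomains and rewrites them onto the Cloudflare endpoint. The sample HTML is constructed, and carrying the original path and query string over to the Cloudflare base URL unchanged is an assumption made here.

```javascript
// Added example: flag <script src> references to the polyfill.io domain and
// rewrite them to Cloudflare's mirror. The page gives only the base URL of the
// replacement; keeping the original path and query is an assumption here.
const POLYFILL_IO_HOST = "polyfill.io";
const CLOUDFLARE_BASE = "https://cdnjs.cloudflare.com/polyfill/";

// Matches <script ... src="..."> in either quote style. Sufficient for
// scanning static pages offline; it is not a full HTML parser.
const SCRIPT_SRC_RE = /<script\b[^>]*\bsrc\s*=\s*(["'])(.*?)\1[^>]*>/gi;

// Normalises protocol-relative URLs (//cdn.polyfill.io/...) so URL() can parse them.
function toAbsolute(src) {
  return src.startsWith("//") ? "https:" + src : src;
}

// True only when the host is polyfill.io itself or a subdomain such as
// cdn.polyfill.io; a look-alike such as notpolyfill.io does not match.
function isPolyfillIoUrl(src) {
  let url;
  try {
    url = new URL(toAbsolute(src));
  } catch {
    return false; // relative path or malformed value: not an external CDN reference
  }
  const host = url.hostname.toLowerCase();
  return host === POLYFILL_IO_HOST || host.endsWith("." + POLYFILL_IO_HOST);
}

// Returns every script src in the document that points at polyfill.io.
function findPolyfillIoScripts(html) {
  return [...html.matchAll(SCRIPT_SRC_RE)].map((m) => m[2]).filter(isPolyfillIoUrl);
}

// Rewrites one polyfill.io URL onto the Cloudflare base, keeping path and query.
function toCloudflareUrl(src) {
  const url = new URL(toAbsolute(src));
  return CLOUDFLARE_BASE + url.pathname.replace(/^\/+/, "") + url.search;
}

// Returns the document with every polyfill.io script src replaced; other tags untouched.
function rewriteToCloudflare(html) {
  return html.replace(SCRIPT_SRC_RE, (tag, quote, src) =>
    isPolyfillIoUrl(src) ? tag.replace(src, toCloudflareUrl(src)) : tag
  );
}

// Constructed sample page (not a real site): one compromised reference, one
// protocol-relative reference and one unrelated script that must be left alone.
const SAMPLE_HTML = `<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch,Promise"></script>
<script src='//polyfill.io/v3/polyfill.js'></script>
<script src="https://example.invalid/app.js"></script>
</head></html>`;

console.log(findPolyfillIoScripts(SAMPLE_HTML));
console.log(rewriteToCloudflare(SAMPLE_HTML));
```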

Probely Customers are Already on the Safe Side

This is a textbook example of a supply chain attack, where a third-party domain used by hundreds of thousands of sites was acquired by a malicious actor, who used it to spread malware.

At Probely, we immediately added a detection module that warns our customers if they are using this compromised component, protecting them against potential exploitation and helping their websites stay secure against threats of this kind. This proactive measure helps safeguard their operations, which is one of our top priorities as an API and Web App Discovery and Vulnerability Testing Platform.

Automatic detection of this supply chain compromise is now running, and all Probely customers identified as “vulnerable” to this threat are safe and sound.

If you’re not sure about whether your organization is safe against this or any other threat, sign up for our fully-featured 14-day free trial and test the safety of your APIs and Web Apps.
