Protecting yourself from Polyfill.io malware as a user


Sahil Gupta

TL;DR: Skip directly to how to protect yourself here.

What is polyfill.io malware?

Polyfill.js is a JavaScript library designed to enable older browsers to support modern features that they lack natively. Widely used by developers, this library ensures a consistent user experience across various browser environments. However, in February 2024, a Chinese company acquired the domain polyfill.io and the associated GitHub account. Subsequently, cdn.polyfill.io has been implicated in distributing malware. You can read more about it in detail here.

Which websites are/were affected?

Here’s a list of some of the websites that use polyfill.io.

xiaomi.com
theguardian.com
telegraph.co.uk
theverge.com
hulu.com
guardian.co.uk
9gag.com

How to know whether a website is compromised?

If you see requests in the browser's network panel to any of these domains/URLs, then the website is compromised:

polyfill.io
bootcdn.net
staticfile.net
staticfile.org
unionadjs.com
xhsbpza.com

https://kuurza.com/redirect?from=bitget
https://www.googie-anaiytics.com/html/checkcachehw.js
https://www.googie-anaiytics.com/ga.js
https://cdn.bootcss.com/highlight.js/9.7.0/highlight.min.js
https://union.macoms.la/jquery.min-4.0.2.js
https://newcrbpc.com/redirect?from=bscbc
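
The network-panel check can also be scripted. The following is an added example, not part of the original article: it flags request URLs whose host is one of the six domains listed above, or a subdomain of one, without being fooled by look-alike hosts. The function names and sample URLs are constructed for illustration, and the full URLs in the second list are not covered.

```javascript
// Domains copied from the list above. Everything else here (function names,
// sample URLs) is constructed for illustration.
const FLAGGED_DOMAINS = [
  "polyfill.io", "bootcdn.net", "staticfile.net",
  "staticfile.org", "unionadjs.com", "xhsbpza.com",
];

// Return the flagged domain that `hostname` equals or is a subdomain of,
// else null. Matching on label boundaries keeps "notpolyfill.io" and
// "polyfill.io.example.com" from being reported.
function matchFlaggedDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  for (const domain of FLAGGED_DOMAINS) {
    if (host === domain || host.endsWith("." + domain)) return domain;
  }
  return null;
}

// Check a list of request URLs, e.g. copied from the network panel or taken
// from performance.getEntriesByType("resource").map(e => e.name) in the console.
// `pageUrl` is used to resolve relative and protocol-relative URLs.
function findFlaggedRequests(requestUrls, pageUrl) {
  const hits = [];
  for (const raw of requestUrls) {
    let parsed;
    try {
      parsed = new URL(raw, pageUrl);
    } catch {
      continue; // not a parseable URL; nothing to check
    }
    const domain = matchFlaggedDomain(parsed.hostname);
    if (domain) hits.push({ url: parsed.href, domain });
  }
  return hits;
}

// Constructed sample: requests a page at example.com might make.
const SAMPLE_REQUESTS = [
  "https://cdn.polyfill.io/v3/polyfill.min.js",      // subdomain: flagged
  "//POLYFILL.IO/v3/polyfill.min.js?features=fetch", // protocol-relative: flagged
  "https://cdn.staticfile.org/lib.js",               // subdomain: flagged
  "https://notpolyfill.io/app.js",                   // look-alike: not flagged
  "https://polyfill.io.example.com/x.js",            // different domain: not flagged
  "/static/polyfill.io/local-copy.js",               // path only: not flagged
  "https://example.com/?ref=bootcdn.net",            // query only: not flagged
];

console.log(findFlaggedRequests(SAMPLE_REQUESTS, "https://example.com/"));
```

Only the hostname is compared, so a flagged name that appears in a path or query string of a request to another host is not reported.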

How to fix the vulnerability in a website?

To address the vulnerability associated with using polyfill.io, developers must update their websites by replacing the compromised library source with a safer alternative. If your website currently utilizes JavaScript served from polyfill.io, it is crucial to switch to a more secure CDN.

A reliable alternative is available at cdnjs, where you can access a trusted version of the polyfill library.

Protecting yourself from the malware as a user

Instead of relying on developers to fix the issue, you can protect yourself with these steps:

  1. Install the Requestly extension from here
  2. Import this shared list
  3. You are all good to go

💡 Now, if any website loads polyfill.js from polyfill.io, the request will be automatically redirected to a safer version without any malware.

How does Requestly do this?

Requestly is a frontend proxy that helps developers test and debug their web apps without needing multiple deployment cycles. You can learn more about Requestly here: https://requestly.com