pollyfill.io security issue - I've had an email from Google

All WYSIWYG Web Builder support issues that are not covered in the forums below.
Forum rules
IMPORTANT NOTE!!

DO YOU HAVE A QUESTION OR PROBLEM AND WANT QUICK HELP?
THEN PLEASE SHARE A "DEMO" PROJECT.



PLEASE READ THE FORUM RULES BEFORE YOU POST:
http://www.wysiwygwebbuilder.com/forum/viewtopic.php?f=12&t=1901

MUST READ:
http://www.wysiwygwebbuilder.com/getting_started.html
WYSIWYG Web Builder FAQ
Post Reply
User avatar
atb
 
 
Posts: 35
Joined: Tue Jan 19, 2010 10:18 pm

pollyfill.io security issue - I've had an email from Google

Post by atb »

Hello
I'm a little confused about an email I've had from Google Cloud Platform (copy and pasted below vvv).
It's saying (I think) that one of my websites is using a service called pollyfill.io which is causing a security issue and I should remove it from my website.
I have 3 websites all built with WB. Is this a WB thing?
Another problem I have is it tells me the name of the project that's using the pollyfill.io service but it means nothing to me - absolute-pulsar-164515 so I'm not even sure which of my 3 websites it could be.
Can anyone shed any light on what this is all about and how I go about resolving it? (Sorry if its not a WB thing!)

thanks
ATB


Quote>>>>>
[Security Alert]: Polyfill.io Issue for Google Maps Platform users
29/06/2024, 00:04

Hello Google Maps Platform Customer,

We're writing to let you know that a security issue may be affecting websites using specific third-party libraries (including polyfill.io).

What happened

We have become aware of a security issue that may be affecting websites using specific third-party libraries (including polyfill.io). This issue can sometimes redirect visitors away from the intended website without website owner knowledge or permission, or potentially cause other malicious behavior. Many of the Maps JavaScript API samples in the Developer Documentation previously included a polyfill.io script declaration. We have removed this from those samples. If you have used the Maps JavaScript API samples that contain this declaration, we recommend removing the declaration.

What to do

Please see below to learn how to take action, if needed:

Investigate your website: Check your website's code to see if you're loading any compromised libraries (including polyfill.io).

Remove or replace the code: If you find compromised libraries, consider:

Hosting a clean, secure version of the code yourself

Switching to an alternative library or provider

Removing the library if you don’t need it

Re-deploy your code through your regular process.

For your reference, attached is a list of your projects where we have detected Maps Javascript API usage. Please check all sites associated with these projects.
User avatar
Pablo
 
Posts: 22472
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: pollyfill.io security issue - I've had an email from Google

Post by Pablo »

Polyfill.io has nothing to do with WWB.
Maybe you have added the code yourself?
User avatar
atb
 
 
Posts: 35
Joined: Tue Jan 19, 2010 10:18 pm

Re: pollyfill.io security issue - I've had an email from Google

Post by atb »

thanks for your reply Pablo.
I thought that might be the case. I'll have to do some investigating.
Post Reply