
You mean the IA included some JS polyfill from a subdomain and that's what's compromised / where the alert is coming from?




Yes, "https://polyfill.archive.org/v3/polyfill.min.js?features=fet..." is the URL with the malicious code.


It looks like it is running the service that was part of the supply chain attack earlier this year. https://github.com/polyfillpolyfill/polyfill-service/issues/...


The service was fine, it was the "official" hosted instance of the service which was compromised. IA appears to be running their own instance.


That was a DNS hack of polyfill.io though, right? This looks like it was/is self-hosted.


Yeah, I'm getting this exact response from the above URL now:

https://sourcegraph.com/github.com/polyfillpolyfill/polyfill...

Seems like they self-hosted that service.


Correct. The source subdomain of the popup seems to be hxxps[:]//polyfill[.]archive[.]org



