JustFly1984 / react-google-maps-api

React Google Maps API
MIT License

Security Alert: Polyfill.io Compromise Affecting Google Maps Platform Integration #3364

Closed khushi-sattvabit closed 21 hours ago

khushi-sattvabit commented 5 days ago

Issue Description

I have received a security alert from the Google Maps Platform team regarding a potential security issue affecting websites using specific third-party libraries, including Polyfill.io. This issue can redirect visitors away from the intended website without the owner's knowledge or permission, or cause other malicious behavior.

Help wanted

We need assistance in:

  1. Investigating the potential security vulnerabilities in the Polyfill.io library.
  2. Identifying secure alternatives to Polyfill.io.
  3. Guidance on best practices for replacing or securing the Polyfill.io script in our projects.
  4. Steps to ensure our Next.js project remains secure and functional.

Environment

Next.js version: 14.1.0
Polyfill.io version: 0.6.2
Google Maps JavaScript API version: 2.19.3

opoveshchenko commented 3 days ago

I have the same issue with "@react-google-maps/api": "^2.19.2".

service-paradis commented 2 days ago

Cloudflare is probably the best alternative: https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk

JustFly1984 commented 21 hours ago

There is no polyfill.io in @react-google-maps/api dependencies. False alarm.
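The reporter asked for steps to confirm a Next.js project is not affected, and the maintainer's reply above is a claim about the library's dependency tree. The following added example (not code from this issue, the reporter, or @react-google-maps/api) is a small Node script that checks a project the same way a defender would: it scans source/HTML text for script tags or URLs pointing at the polyfill.io host and inspects a package-lock.json for packages resolved from that host. The sample `_document.tsx` and lockfile excerpt are constructed, and the regexes are assumptions about how the script is usually embedded.

```javascript
// Added example: defender-side check for polyfill.io references in a Next.js project.
// Matches the polyfill.io host in absolute or protocol-relative URLs (cdn.polyfill.io, polyfill.io, ...).
const POLYFILL_HOST_RE = /(?:https?:)?\/\/(?:[a-z0-9-]+\.)*polyfill\.io\b/i;

// Scan one file's contents line by line; return one finding per matching line.
// A <script src=...> line is an active loader, anything else is only a mention.
function findPolyfillReferences(fileName, contents) {
  const findings = [];
  contents.split(/\r?\n/).forEach((line, idx) => {
    const m = line.match(POLYFILL_HOST_RE);
    if (!m) return;
    findings.push({
      file: fileName,
      line: idx + 1,
      url: m[0],
      kind: /<script[^>]*\bsrc\s*=/i.test(line) ? "script-tag" : "mention",
    });
  });
  return findings;
}

// Check a package-lock.json (lockfileVersion 2/3, "packages" map) for any package
// whose tarball resolves from polyfill.io or whose path names it. Returns the paths.
function lockfileUsesPolyfillIo(lockJson) {
  const lock = JSON.parse(lockJson);
  const hits = [];
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    const resolved = (meta && meta.resolved) || "";
    if (POLYFILL_HOST_RE.test(resolved) || /polyfill\.io/i.test(pkgPath)) {
      hits.push(pkgPath || "(root)");
    }
  }
  return hits;
}

// Constructed sample inputs (not from the reporter's project).
const SAMPLE_DOCUMENT_TSX = [
  'import { Html, Head, Main, NextScript } from "next/document";',
  "<Head>",
  '  <script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default" />',
  "</Head>",
].join("\n");

const SAMPLE_LOCK = JSON.stringify({
  name: "my-next-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "@react-google-maps/api": "^2.19.3" } },
    "node_modules/@react-google-maps/api": {
      version: "2.19.3",
      resolved: "https://registry.npmjs.org/@react-google-maps/api/-/api-2.19.3.tgz",
    },
  },
});
```

Run `findPolyfillReferences` over every `.tsx`, `.jsx`, `.js` and `.html` file in the project and `lockfileUsesPolyfillIo` over the lockfile; any "script-tag" finding is a page that actually loads from polyfill.io, while an empty lockfile result confirms that no npm dependency pulls from that host.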