Google Maps security notification

  • Resolved bdd

    (@bws-online)


    4 months, 4 weeks ago

    Received a Google Maps security notification yesterday titled “[Security Alert]: Polyfill.io Issue for Google Maps Platform users” — is that a concern for this plugin? Here’s what it said:

    We have become aware of a security issue that may be affecting websites using specific third-party libraries (including polyfill.io). This issue can sometimes redirect visitors away from the intended website without website owner knowledge or permission, or potentially cause other malicious behavior. Many of the Maps JavaScript API samples in the Developer Documentation previously included a polyfill.io script declaration. We have removed this from those samples. If you have used the Maps JavaScript API samples that contain this declaration, we recommend removing the declaration.

    1. Investigate your website: Check your website’s code to see if you’re loading any compromised libraries (including polyfill.io).
    2. Remove or replace the code: If you find compromised libraries, consider:
      • Hosting a clean, secure version of the code yourself
      • Switching to an alternative library or provider
      • Removing the library if you don’t need it
    3. Re-deploy your code through your regular process.
    The Google Maps Platform Team

    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author chrisvrichardson

    (@chrisvrichardson)

    HI,

    Good question – but I don’t think it’s a concern. The infected code was on Google’s web sites with map examples. MapPress doesn’t use any polyfills, and neither does the Maps API.

    Thread Starter bdd

    (@bws-online)

    Thanks for the reply. At the bottom of the notification message, they’d said:

    For your reference, attached is a list of your projects where we have detected Maps Javascript API usage. Please check all sites associated with these projects.

    And the attachment listed the site where I use MapPress, so I wanted to check in to be sure. Guess they were concerned about third-party usage in the past that might’ve used polyfills?

    Either way, sounds like we’re okay on this. ?? Thanks.

    polyfill is core in wordpress, I think this error is a mistake by Google.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.