I got a warning from Google saying that my website is using Polyfill framework on Google Maps: "Notification Title: [Security Alert]: Polyfill.io Issue for Google Maps Platform users". It advised users to remove Polyfill.io, see link: https://www.kaspersky.com/blog/polyfill-io-service-supply-chain-attacks/51635/
After looking through my codebase(s) I have found other places where the Polyfill framework is used, like PHPMailer (https://github.com/PHPMailer/PHPMailer, click on the composer.json file) and PHP dotenv (https://github.com/vlucas/phpdotenv, click on the composer.json file).
Here is more information on why it's advised to remove Polyfill, see link: https://github.com/formatjs/formatjs/issues/4363
I contacted the team at PHP dotenv just now, and so I'm still awaiting a response. I may have found a good replacement simply called dotenv, see link: https://github.com/symfony/dotenv. I cannot swear by this solution as I haven't had the opportunity to try it yet.
The problem is I haven't found a good alternative to PHPMailer.
Is anyone else facing the same problem? Any solutions yet?
PS: Just how severe is this? To put it short, it seems my visitors can be directed to shady betting websites and/or give up data unwaveringly, right...?
EDIT: I'm sorry if I scared any other newbies on PHP out there. Here is another Stack Overflow answer regarding this issue: [Security Alert]: Polyfill.io Issue for Google Maps Platform users in Angular
Please see Arthur Boucher's answer below!
There seems to be some confusion between the website polyfill.io and the concept of a polyfill. A polyfill is simply a library that adds backwards-compatibility to modern language or library features. The polyfills used in the PHP libraries you're linking to aren't provided by polyfill.io, and thus aren't affected by the issue.
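A small triage script that makes this distinction concrete, added here as an example and not code from the question, the answer, PHPMailer or phpdotenv: it flags URLs whose host is polyfill.io (or a subdomain such as cdn.polyfill.io) in HTML/JS files, and separately lists Composer dependencies with "polyfill" in their name as unaffected. The sample files and the Maps API key value are constructed placeholders.

```python
import json
import re

# Matches a URL (with or without scheme) whose host is polyfill.io or a subdomain of it.
# The lookahead stops "polyfill.io.example" from matching, since the host must end there.
POLYFILL_IO_URL = re.compile(
    r"""(?:https?:)?//(?:[\w-]+\.)*polyfill\.io(?=[/?#"'\s<>]|$)[^\s"'<>]*""",
    re.IGNORECASE,
)


def find_polyfill_io_references(text: str) -> list[str]:
    """Return every URL in `text` that loads from the polyfill.io service."""
    return [m.group(0) for m in POLYFILL_IO_URL.finditer(text)]


def composer_polyfill_packages(composer_json: str) -> list[str]:
    """Return Composer dependencies whose name contains 'polyfill'.

    These come from Packagist (e.g. symfony/polyfill-mbstring) and are unrelated
    to the polyfill.io CDN, so the caller reports them as unaffected.
    """
    manifest = json.loads(composer_json)
    found = []
    for section in ("require", "require-dev"):
        for name in manifest.get(section, {}):
            if "polyfill" in name.lower():
                found.append(name)
    return found


def audit(files: dict[str, str]) -> dict[str, list[str]]:
    """Classify {path: contents}: polyfill.io URLs are 'affected', Composer polyfills 'unaffected'."""
    report: dict[str, list[str]] = {"affected": [], "unaffected": []}
    for path, contents in files.items():
        report["affected"] += [f"{path}: {u}" for u in find_polyfill_io_references(contents)]
        if path.endswith("composer.json"):
            report["unaffected"] += [f"{path}: {p}" for p in composer_polyfill_packages(contents)]
    return report


# Constructed sample files (not taken from any real project); the key is a placeholder.
SAMPLE_FILES = {
    "public/index.html": (
        '<script src="https://polyfill.io/v3/polyfill.min.js?features=default"></script>\n'
        '<script src="https://maps.googleapis.com/maps/api/js?key=PLACEHOLDER_KEY"></script>\n'
    ),
    "composer.json": json.dumps(
        {"require": {"symfony/polyfill-mbstring": "^1.0", "phpmailer/phpmailer": "^6.9"}}
    ),
}

if __name__ == "__main__":
    for kind, hits in audit(SAMPLE_FILES).items():
        print(kind, hits)
```

Only the "affected" entries need action (remove the script tag or self-host the bundle); the "unaffected" list is there so Composer polyfill packages are not mistaken for the compromised service.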