Waning from Google

Started by rienvanham, June 30, 2024, 05:51:21 PM

Previous topic - Next topic

rienvanham

Hi Mario,

I received a warning-email fro Google which states:

[Security Alert]: Polyfill.io Issue for Google Maps Platform users
6/29/24, 12:49 AM

Hello Google Maps Platform Customer,
We're writing to let you know that a security issue may be affecting websites using specific third-party libraries (including polyfill.io).
What happened
We have become aware of a security issue that may be affecting websites using specific third-party libraries (including polyfill.io). This issue can sometimes redirect visitors away from the intended website without website owner knowledge or permission, or potentially cause other malicious behavior. Many of the Maps JavaScript API samples in the Developer Documentation previously included a polyfill.io script declaration. We have removed this from those samples. If you have used the Maps JavaScript API samples that contain this declaration, we recommend removing the declaration.


Do have to do anywhting with this message?

Thanks in advance,

Rien.

Mario

Google thinks you are a developer (because you have an API key).
Google samples provided with the MAP SDK relied in part on Polyfill.io to deal with different browsers and versions. The Polyfill.io web site was recently hacked and malicious code was introduced, putting web sites and apps at risk which use Polyfill.io - like the samples in the Google SDK. In case you were a developer and have used code from the examples in your own web site or app.

IMatch does not use Polyfill.io.

In fact, I try hard to reduce external dependencies for exactly this reason - to avoid issues in IMatch when one of the popular repositories like NPM or GitHub or whatever. Such attacks become more common since poisoning the supply chain by adding malicious code for services and repositories used by popular web sites and apps is of course a very desirable thing for the lowlifes out there on the internet.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook

rienvanham

#2
Hi Mario,

Thanks for your explanation! iMatch is the only software where I use this API-key. I was a little bit concerned because Google wrote in his email:

Dear Google Cloud customer,
You've received an important Google Cloud notification affecting your resource, imatch-dam's Google Cloud service(s).


(but it could be that I created this name when creating the key).

Thanks again,
Rien.

Mario

That's the name you've used when creating the project for the API key.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook