
Deliberative Loading of a Global Polyfill: Compromise Simulation and OSINT Analysis

Author(s): Adelaida STĂNCIULESCU, Ioan C. BACIVAROV
Subject(s): Politics / Political Sciences, Politics, Economy, Security and defense, ICT Information and Communications Technologies
Published by: Asociatia Romana pentru Asigurarea Securitatii Informatiei
Keywords: CDN security; Client-side integrity; Polyfill compromise; Simulation testing; Supply-chain vulnerability
Summary/Abstract: Modern web projects frequently rely on third-party packages and services (CDNs, polyfill providers) to ensure compatibility. A polyfill that modifies global objects (e.g. Array.prototype) provides convenient compatibility, but introduces a single point of failure: compromising that provider can lead to the distribution of malicious code to all pages that include it. The purpose of the study is to demonstrate, in a controlled manner, the effects of installing a global polyfill and to show how exposures can be identified and quantified through ethical OSINT techniques. This paper presents a reproducible methodology for simulating the scenario where a polyfill installs its functionality globally (Array.prototype.findLast() as an example) and thereby expands the attack surface of web applications. Using a controlled environment and ethical OSINT techniques to map adoption and exposure in the public space, the paper assesses operational risks and proposes technical mitigation measures. The methodological emphasis is on reproducibility, non-intrusiveness and validation based on public evidence.

  • Page Range: 114-120
  • Page Count: 7
  • Publication Year: 2025
  • Language: English