Hi
I also received the notification. It is a warning that clearly relates to the use of maps. We got the message, because we have a project on google cloud to integrate the google maps api.
I’ve found several posts related to the issue.
1 – Polyfill.io, a domain used by more than 110,000 websites to deliver javascript code, has been used for a supply chain attack, potentially leading to data theft and clickjacking attacks.
https://www.spiceworks.com/it-security/cyber-risk-management/news/polyfill-supply-chain-attack-infects-websites/
2 – It’s important to clarify that, while the utility of polyfills today is somewhat debatable, the problem is not in the library’s code itself. This is a deliberate malicious act by the new owners of one (but the most popular) 3rd-party CDN service that distributes the library.
Note also that WordPress bundles a local copy of the library (/wp-includes/js/dist/vendor/wp-polyfill.min.js). If these plugin and theme developers are following basic WordPress coding standards, they should be enqueuing the local copy instead of hotlinking to an external one.
Best Regards
Manu