Yesterday, a CDN was hacked and malicious JS was served to a number of domains. Most websites make use of CDNs to serve up JS so as to reduce page load time. How do we protect ourselves from such attacks?
I posed a similar question on Sec.SE some time back. Subresource Integrity is a new security feature that will save you. The code will not execute if there is a hash mismatch. Just don't use this on rolling releases that reuse the same URLs.
1 2 3