For the past couple of weeks, everyone has been talking and focusing on the Shellshock exploit. This might put another serious vulnerability found in all pre-4.4 versions of Android a little in the background.
Nevertheless, the Android Browser SOP bypass is a very serious vulnerability, as it allows an attacker to read the contents of other tabs in a browser when a user visits a page the attacker controls. The vulnerability was first disclosed in late August 2014, but there has not been much in the way of public discussion of it. Exploiting the flaw is a straightforward matter and allows the attacker to bypass the same-origin policy in the Android browser.
Category: Inside 1&1 | Technology & Development