[ISN] Android browser flaw found to leak data

http://www.csoonline.com/article/2690910/application-security/android-browser-flaw-found-to-leak-data.html By Antone Gonsalves CSO Oct 2, 2014 A security researcher has found another flaw in the Android browser that a cybercriminal could use to steal sensitive data. The latest same-origin policy (SOP) bypass vulnerability is the second discovered by researcher Rafay Baloch, who discovered the first, CVE-2014-6041, last month. The vulnerability is in how Javascript is handled by the Android function responsible for loading frame URLs. The SOP is supposed to prevent JavaScript from one Web page accessing content from another page. However, the flaw enables that barrier to be bypassed, so an attacker can read the content of browser tabs, when the user visits a page controlled by the attacker. […]