Basic Android browser found to have a security hole


If you use the basic Android browser (the one included by default on many devices, based on the open source WebKit engine), you should know that a security flaw has been discovered in it. The flaw can be exploited to carry out unauthorized actions that put the security of your device at risk.

The first thing to know is that the hole affects the basic browser that shipped with the operating system before Google decided to use Chrome. A good number of users still use it regularly, which is one of the fragmentation problems of the Mountain View company's operating system. These are the users who may have problems, and the percentage can rise to 40% of those with an Android device, because some manufacturers have built their own browsers on open source WebKit.


By taking advantage of the known vulnerability, it is possible to execute JavaScript code with “exploits”, read the device's cookies, learn stored passwords and even send emails, all without the user having to confirm anything. According to its discoverer, Rafay Baloch, this is achieved by bypassing the browser's Same Origin Policy (SOP), the security policy that protects against scripts running where they are not allowed. The vulnerability exists and, therefore, caution must be exercised when browsing certain pages.

Is it a very dangerous vulnerability?

If you are using the most current versions of Android, such as KitKat, the risk is almost non-existent (even though some parts of the old, affected browser are used in Chrome). Hence the importance of regularly updating the operating system, and of manufacturers releasing updates and offering them quickly.


Taking into account the latest usage data for Android distributions, in which KitKat held 25% of the market, it is estimated that 40% of users could be affected. (They would, however, have to come across very specific code on the websites they visit, which also reduces the potential danger.) Almost all of them have old devices whose software is not kept well updated.

There is also a very simple solution: install and use a browser other than the basic one included in old versions of Android, for example Chrome, Firefox or Dolphin. In any case, Google has already said that it is aware of the problem and has reproduced it, so work is under way to fix it. Being careful about which pages you visit also reduces the risk almost entirely. All in all, it is a new episode of security issues in Google's operating system.

Source: ArsTechnica