A vulnerability in Android’s default Web browser lets attackers spoof the URL shown in the address bar. The vulnerability was discovered by a researcher named Rafay Baloch. Baloch discovered the flaw on Android 5.0 Lollipop, which uses Chrome as its default browser. The fix for Android 4.4 (KitKat) will require an OS update whose availability will depend on device manufacturers and carriers, Rapid7 says. Users who run Android versions older than the stock browser should stop using the AOSP browser.”]
Source: https://www.csoonline.com/article/2924996/android-stock-browser-vulnerable-to-url-spoofing.html