There’s a serious vulnerability in pre-4.4 versions of Android that allows an attacker to read the contents of other tabs in a browser when a user visits a page the attacker controls. The flaw is present in a huge percentage of the Android devices in use right now. The vulnerability was first disclosed in late August, but there has not been much in the way of public discussion of it. The bug applies to the Android Open Source Platform browser, an older browser that Google no longer supports.
Source: https://threatpost.com/flaw-in-android-browser-allows-same-origina-policy-bypass/108265/