Google has fixed the vulnerability in some versions of Android, but millions of users of older versions are still affected. Security researcher Rafay Baloch discovered the vulnerability and developed a proof-of-concept exploit that allows him to steal data from a user s browser. Baloch said the vulnerability has been fixed for some time in Google Chrome, but had still existed in the Android browser until he disclosed it to Google late last month. There are several other browsers that contain the newer SOP bypass flaw, including Safari 5.0.
Source: https://threatpost.com/second-same-origin-policy-bypass-flaw-haunts-android-browser/108653/