Vulnerabilities exist in two popular alternative browsers for Android Dolphin and Mercury that depending on the browser could result in either remote code execution or arbitrary read/write access. Mobile security researcher Benjamin Watson, who blogs under the guise of Rotlogix, discovered the browser vulnerabilities and published descriptions, along with proof-of-concept code on both over the weekend. Dolphin, run by San Francisco-based Mobotap, Inc., boasts between 50,000-100,000 100,000,000 installs. Mercury s bugs are mostly rooted in its WiFi Transfer feature.
Source: https://threatpost.com/vulnerabilities-identified-in-dolphin-mercury-android-browsers/114392/