Since my recent Android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to research the Android browser a bit more. It turns out that things are much worse than I thought: I managed to trigger quite a few interesting vulnerabilities inside the Android browser, one of them being another Same Origin Policy bypass vulnerability. What makes it worse is that the same SOP bypass was already fixed in Chrome years ago; however, the patches were not applied to Android browser < 4.4.

See more at: http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html