900+ million users left in the lurch as Google says it has stopped providing security patches for the WebView component in Android 4.3 Jelly Bean and earlier versions

Sad but true. If you are one of those people who use Android 4.3 or an earlier version of the operating system on your smartphone and are waiting for Google to patch the Android Same Origin Policy (SOP) vulnerability, you are not going to get it from Google. The Android legacy SOP flaw, which was discovered by Rafay Baloch, a Pakistani security researcher, affects the WebView component of the Android default browser shipped with around 930,000 smartphones running Android 4.3 Jelly Bean and below. The vulnerability in the WebView component occurs when replacing the ‘data’ attribute of a given HTML object with a JavaScript URL scheme. A potential hacker could leverage the UXSS flaw to scrape cookie data and page contents from a vulnerable browser window.
