Yair Amit and I recently discovered a Cross-Application Scripting vulnerability in Android’s Browser, which allows malicious applications to bypass Android’s sandboxing model in order to inject JavaScript code into an arbitrary domain.
Full details can be obtained from the following sources:
1. Blog post
2. Advisory
3. Demo of PoC: