The vulnerability lies in how JavaScript is handled by the Android function responsible for loading frame URLs.
The PoC is given below, courtesy of Rafay Baloch.
Older Android >4.4 users still vulnerable?
As said above, older Android users are still vulnerable to this major security threat.
Google doles out the latest Android versions to its stock-edition handsets and tablets, such as the Google Nexus.
This flaw hits most of the users who are lower-middle and middle-segment smartphone buyers.
Thankfully, only the default Android browsers are affected by the SOP bypass vulnerability.
If you are using a rooted Android device, you should uninstall the default Android browser app.
source: www.techworm.net