Android’s default browser is vulnerable to URL spoofing

Droid1

A vulnerability in Android’s default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks.

Google released patches for the flaw in April, but many phones are likely still affected, because manufacturers and carriers typically are slow to develop and distribute Android patches.

Android 4.4 users who haven’t received an OS update recently should avoid using the stock browser to access sites that require authentication, Rapid7 said in an advisory. Chrome or other browsers that are updated through Google Play can be good alternatives.