Google stops providing updates for Android Jelly Bean and lower versions for Webview component
900+ million users left in a lurch as Google says it has stopped providing security patches for the Webview component in Android 4.3 Jellybean and earlier versions
Sad but true. If you one of those people who use Android 4.3 and below version operating system on your smartphone and are waiting for Google to patch the Android Same Origin Policy (SOP) vulnerability, well you are not going to get it from Google.
The Android legacy SOP flaw which was discovered by Rafay Baloch, a Pakistani security researcher, affects the webview component of the Android default browser shipped with around 930,000 smartphones operating on Android 4.3 Jelly Bean and below.
The security hole can be exploited in all versions of the Android Open Source Platform (AOSP) browser which also known as Android stock or default browser. The vulnerability exists only in Android OS 4.3 Jellybean and below.