Listen up Android users: If you use the default Android Browser on your phone or tablet, you have a critical security vulnerability that experts are describing as a "privacy disaster." According to the most recent statistics, about half of Android users use Android Browser.
This dangerous flaw exploits a problem with how Android Browser treats Same Origin Policy (SOP). I won't get too technical, but SOP is one of the most important building blocks of Internet security. Basically it prevents information you send to a website from being accessed by the wrong website - for example, a malicious website. It could let hackers intercept any data you send through your browser to almost any website. This includes your passwords, your emails, your payment info - all of it.
An independent security researcher named Rafay Baloch discovered the vulnerability and wrote about it on his blog. He found a way to bypass SOP on Android Browser. We don't know of any specific incident where a hacker has used this to steal personal information from an Android phone or tablet, but that doesn't mean it hasn't happened.
The good news is you might not be affected by this issue. The better news is that it's very easy to fix.