The security flaw would allow a malicious website to install an application within the browser that could do things such as monitor keyboard input for login IDs and passwords when the user visits other websites. Google was quick to point out that all applications in Android operate inside a security sandbox that keeps a breach in one app from providing access to other parts of the phone. As such, the browser flaw could not be used to directly tamper with another part of the smartphone.
Even so, who out there would want a cyber criminal to get the login information to their online bill payment or other similar website?
Google has said that it has already patched the security hole in the open source version of Android and that it is working with HTC and T-Mobile to get an over the air (OTA) update for current G1 users soon.
[via NY Times]