Researchers at IBM have found that it's possible for third-party applications to inject JavaScript code into the Android browser.

"According to a paper [PDF file] published by the researchers, the vulnerability exists in Android 2.3.4 and 3.1 and is believed to exist in earlier versions," The H Security reports.

"The browser holds sensitive information such as cookies, cache and history, and injected JavaScript could make it possible to extract that information, indirectly breaking the Android sandbox architecture," the article states. "The attack exploits flaws in how the browser reacts to calls to view web pages from other applications."

Go to "Android browser vulnerable to 'Cross Application Scripting'" to read the details.
