A vulnerability in Android’s default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks. Google released patches for the flaw in April, but ...