Reputable technology site Ars Technica has confirmed that a major security flaw in the Android web browser has been discovered. 

The issue affects about half of Android phone users. 

Essentially what the bug does is allow dodgy websites to capture passwords and other sensitive information you have entered in other sites.  

So a website run by unscrupulous people that manage to get you to click on a link could capture your banking information or other private data. 

Google has admitted the flaw exists and rushed to provide patches, but says that users of newer versions of Android, 4.4 and later are not affected. Nor are people who use Chrome as their browser instead of the standard Android browser. 

Unfortunately only about a quarter of Android users are on 4.4+. 

Google has issued patches to fix the flaw. You can find the links to the patches at the bottom of the Ars Technica article here: http://arstechnica.com/security/2014/09/android-browser-flaw-a-privacy-disaster-for-half-of-android-users/