In the rush to create mobile apps that work across the leading smartphones and tablets, many developers have leaned heavily on web development tools and use embedded browsers as part of their packaged applications. But security researchers have shown that relying on browser technology in mobile apps—and even some desktop apps—can result in hidden vulnerabilities in those applications that can give an attacker access to local data and device features through cross-site scripting.
via Ars Technica – Google Earth, other mobile apps leave door open for scripting attacks. Oops, just because it doesn’t look like a browser doesn’t mean it doesn’t suffer the same security holes.