CVE-2020-6506: Android Chromium WebView XSS via window.open()

Variant: User activation via iframe focus theft based on https://crbug.com/622714 behavior

Parent page on