
MetaMask Browser URL and Transaction Origin Spoofing - Metamask wallet Android & Metamask wallet iOS

High
MetaMask

Team Summary

Official summary from MetaMask

@renekroka and @hackerontwowheels from the talented team at [UGWST](https://ugwst.com/) discovered a bug that prevented the MetaMask Mobile browser from correctly updating the domain of the browser tab after a redirect. By exploiting this bug, the duo demonstrated that if a user was redirected from a trusted dApp to a malicious one, any transactions requested by the malicious dApp would appear to have originated from the trusted source. Note that for the malicious dApp to have permissions to request transactions, the wallet owner would have had to explicitly confirm they would like to connect their wallet to it. Our team worked swiftly to work on a fix that was rolled out to all users shortly after. The MetaMask team would like to thank @renekroka and @hackerontwowheels for their demonstration of professionalism, incredible report, and for helping make MetaMask safer for all its users.
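The failure mode the summary describes, modelled as an added JavaScript example (this is illustrative code written for this page, not MetaMask's code): an in-app browser tab whose address-bar URL is used to label wallet approval prompts, run through a constructed navigation stream in which a trusted dApp redirects to an attacker-controlled page. The event names, URLs, class names and the `request.origin` field are all assumptions made for the illustration; the point they demonstrate is that the origin shown on an approval sheet must follow every committed navigation, including redirects, or be derived from the requesting page's real origin rather than from tab bookkeeping.

```javascript
// Added example, not MetaMask's code. All names, URLs and events below are
// constructed for illustration of the redirect/origin mismatch class of bug.

function originOf(url) {
  return new URL(url).origin;
}

// Constructed navigation events, as a WebView might report them: the user
// opens a trusted dApp, which then redirects to an attacker-controlled page.
const SAMPLE_EVENTS = [
  { type: 'loadStart', url: 'https://trusted-dapp.example/' },
  { type: 'loadEnd',   url: 'https://trusted-dapp.example/' },
  { type: 'redirect',  url: 'https://evil.example/swap' }, // 302 or location change
  { type: 'loadEnd',   url: 'https://evil.example/swap' },
];

// Tab model that refreshes its URL only on explicit loadStart events, so a
// redirect leaves the previous domain on screen (the class of bug reported).
class StaleUrlTab {
  constructor(initialUrl) { this.url = initialUrl; }
  onNavigation(ev) { if (ev.type === 'loadStart') this.url = ev.url; }
  displayedOrigin() { return originOf(this.url); }
}

// Hardened tab model: any event that changes the committed URL updates it.
class TrackingTab extends StaleUrlTab {
  onNavigation(ev) {
    if (ev.type === 'loadStart' || ev.type === 'redirect') this.url = ev.url;
  }
}

// Wallet side (assumed shape). `request.origin` is the origin the injected
// provider attaches to the message from the page that actually sent it; the
// permission check keys on that, which is why the malicious page still has
// to be a connected site. `tab.displayedOrigin()` is what the approval
// sheet shows the user, and is where a stale tab URL becomes a spoof.
function describeApproval(tab, request, connectedOrigins) {
  if (!connectedOrigins.has(request.origin)) {
    return { allowed: false, reason: 'origin not connected', origin: request.origin };
  }
  const shown = tab.displayedOrigin();
  return {
    allowed: true,
    method: request.method,
    shownOrigin: shown,
    realOrigin: request.origin,
    spoofed: shown !== request.origin, // true when the label lies to the user
  };
}

// Run the same scenario against a given tab model.
function runScenario(TabClass) {
  const tab = new TabClass(SAMPLE_EVENTS[0].url);
  for (const ev of SAMPLE_EVENTS) tab.onNavigation(ev);
  // The user connected both sites earlier (the report's stated precondition).
  const connected = new Set(['https://trusted-dapp.example', 'https://evil.example']);
  const request = {
    origin: 'https://evil.example', // real sender of the request
    method: 'eth_sendTransaction',
    params: [{ to: '0x0000000000000000000000000000000000000000', value: '0x1' }],
  };
  return describeApproval(tab, request, connected);
}

// Defensive check a wallet can apply regardless of tab bookkeeping: refuse to
// render a prompt whose label disagrees with the requester's real origin.
function safeToPrompt(approval) {
  return approval.allowed && !approval.spoofed;
}

for (const T of [StaleUrlTab, TrackingTab]) {
  const a = runScenario(T);
  console.log(T.name, 'shows', a.shownOrigin, 'real', a.realOrigin, 'spoofed:', a.spoofed);
}
```

With the stale model the prompt is labelled `https://trusted-dapp.example` while the request really comes from `https://evil.example`; with the tracking model both agree. The `safeToPrompt` check is the belt-and-braces version: even if tab state lags, a prompt whose displayed origin does not match the requester's origin is never shown.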

Reported by renekroka

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-site Scripting (XSS) - Stored