Security: File and content access are enabled for WebView (android apk)
Reported by mrraskar...@gmail.com, Oct 15 2017
Issue description

https://play.google.com/store/apps/details?id=com.android.chrome

Hello, I see that you didn't disable file access and content access for WebViews in the following files:

org/chromium/chrome/browser/preferences/PrefServiceBridge.java
org/chromium/chrome/browser/preferences/website/SingleCategoryPreferences.java

You should call these methods before loading any content in your WebViews:

webView.getSettings().setAllowFileAccess(false);
webView.getSettings().setAllowContentAccess(false);

It's important because in case of MitM an attacker will be able not only to spoof content, but also to access all content providers of the app like so: <img src="content://your_authority/123">. Here's an example of how files can be retrieved: http://responsiveandroid.com/2012/02/20/serving-android-webview-resources-with-content-providers.html

Images are not protected by SOP, but other content types weren't tested by me on Android.

File access should be disabled because an attacker can load any shared preference file (/data/data/com.banksimple/shared_prefs/*) in an <iframe> and then make a screenshot of the contents using tools available to everyone (I mean you don't need any special permission to do that). After that, the characters are to be recognized and the data will be stolen.
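The two settings named in the report, applied in a generic Android app that hosts a WebView. This is an added example, not code from the report or from Chromium. `HardenedWebView`, `LocalSchemeBlocker` and `isLocalScheme` are hypothetical names, and the scheme-blocking client and the two file-URL switches are additions beyond what the report mentions.

```java
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import java.io.ByteArrayInputStream;
import java.util.Locale;

/** Hypothetical helper for an app that embeds android.webkit.WebView. */
public final class HardenedWebView {
    private HardenedWebView() {}

    /** Call before the first loadUrl()/loadData() on the WebView. */
    public static void apply(WebView webView) {
        WebSettings settings = webView.getSettings();
        // The two calls from the report.
        settings.setAllowFileAccess(false);     // file:// (android_asset/android_res still load)
        settings.setAllowContentAccess(false);  // content:// provider URLs
        // Related switches, not mentioned in the report (deprecated since API 30).
        settings.setAllowFileAccessFromFileURLs(false);
        settings.setAllowUniversalAccessFromFileURLs(false);
        // Second layer in case a setting is re-enabled elsewhere in the app.
        webView.setWebViewClient(new LocalSchemeBlocker());
    }

    /** Answers file:// and content:// requests with an empty body (API 21+). */
    static final class LocalSchemeBlocker extends WebViewClient {
        @Override
        public WebResourceResponse shouldInterceptRequest(WebView view,
                                                          WebResourceRequest request) {
            if (isLocalScheme(request.getUrl().getScheme())) {
                return new WebResourceResponse(
                        "text/plain", "UTF-8", new ByteArrayInputStream(new byte[0]));
            }
            return null; // null lets the WebView load the resource normally
        }
    }

    /** True for the two local schemes the report is concerned with. */
    static boolean isLocalScheme(String scheme) {
        if (scheme == null) {
            return false;
        }
        String s = scheme.toLowerCase(Locale.ROOT);
        return s.equals("file") || s.equals("content");
    }
}
```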
Oct 19 2017

Oct 25 2017
Closing this out since there hasn't been any additional feedback. I believe the assessment in c#1 is correct.
Feb 1 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by wfh@chromium.org, Oct 16 2017
Labels: Needs-Feedback OS-Android