The Same Origin Policy is commonly circumvented by clientless SSL VPNs; the VPNs draw content from all over the Internet and present it to the client as though it came from the same origin, thereby allowing scripts from various sites to interact. This is dangerous because a malicious script from a compromised site could interact with a script from a legitimate site without restriction, potentially leading to malware infections or sensitive data being compromised.
In short using VPN is not as secure as what you think. You can find the whole article of here which is quite a read. It teaches you Same Origin Policy using just a few words.