There are more than 100 million of devices that are running on Android version 4.3 Jelly Beans or earlier version and Google leaves all of these devices under threats.
WebView is the embeddable browser control powered by a version of the WebKit rendering engine used in Android apps. This has been replace in the Android 4.4 KitKat and Android 5.0 Lollipop, as they use Blink rather than WebKit for their WebView and hence is unaffected from bug.
Beardsley had reported the vulnerability to Google but the replied from the search giants have everyone shocked. Beardsley quoted the replied statement made by Google which reads-
"If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch."So, Google is no longer going to be providing security patches for 4.3 or earlier version but the company has said that it will welcome third-party patches
"Google's reasoning for this policy shift is that they 'no longer certify 3rd party devices that include the Android Browser', and 'the best way to ensure that Android devices are secure is to update them to the latest version of Android'," explained Beardsley.
This improved servicing and maintenance is one of the reasons that Google has been pushing more features into APKs and out of the Android OS. But it does little to help the 60 percent of Android users who are currently at risk