Google doesn't respect its own 90 days deadline!
CVE-2014-7923 was created on October 6th, 2014 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923) - and that is only the date when the CVE identifier was created - not when the vulnerabilty was discovered, which of course happened *before*.
(It looks the other CVE entries too were created on 20141006 - thereby it looks Google too needs time to fix things and release them... how many other later vulns are there and waiting to be patched well after 90 days?)
"Strangely" they waited a "few days" for the release of a patch.... but of course wait for googledrones flying in to say this is different....