Re: Google doesn't respect its own 90 days deadline!
I didn't find the release date of the CVE anywhere. Contrary to your insinuation I don't think Google is wonderful. There's a lot to criticise about the company. But they're handsomely winning the PR war about security. And I think they understand better than most, that you can only keep the most severe exploits under wraps and even then only a for a very short time (OpenBSD is the model here).
I haven't done a look at the commits but I can't imagine they put something in stable without first having it in the beta version. A hotfix for all versions would be the exception here. I suppose that checking this would prove which of us is right about this.