Just an update from the Google side: As discussed below, any Android users on 4.4+ or running Chrome are not affected. For earlier versions of Android, we've shipped patches for AOSP:
OS updates for $SPECIFIC_PHONE are generally reliant on the carrier to decide to push out a patch, even after AOSP itself is patched. So an answer "from the Google side" can't really answer your question.
is android kitkat 4.4.x safe from this bug regardless of whether chrome browser exists (not installed or uninstalled) in the phone or not? please enlighten. thanks.
https://android.googlesource.com/platform/external/webkit/+/... https://android.googlesource.com/platform/external/webkit/+/...
These are in the AOSP branches for jb-dev, jb-mr1-dev, jb-mr1.1-dev, and jb-mr2-dev.