The quote from Google to Beardsley is as follows:

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

According to Beardsley, it seems that Jelly Bean devices are simply too old to support -- supporting old software versions is fairly unusual, after all. The truth of the matter is that WebView support in older builds of Android is baked firmly into the operating system, making it much harder for Google to roll out an update to affected devices. However, as Android 4.4 and Android 5.0 are already patched, the onus is then put on the various OEMs and carriers to issue a patch instead.

Google has mitigated this issue in newer versions of Android by dropping WebView from the core OS and incorporating it into the Google Play Services 'app'. Google can issue updates via an update via the Play Store, patching bugs like these as they're discovered. In this case, Beardsley asks Google to reconsider, due to the wider consequences this security flaw could potentially unravel, but in reality Google has its hands tied.

Update: This article has been changed to explain why Google cannot patch the WebView bug in Android.

[Image credit: Phillip Bond / Alamy]