Google’s Project Zero security team recently announced changes to the company’s bug disclosure policy. The change comes as security flaws in Apple and Microsoft products were exposed after the vendors did not meet the 90-day deadline. Project Zero is Google’s security team that looks for security flaws in the code of Google and its competitors. When a vulnerability is found, the team notifies the vendor immediately and gives it a 90-day deadline to provide a software patch, so that a fix can be made before the vulnerability is exposed to the public.

The new deadline given is a 14-day grace period that does not include weekends or public holidays. This gives companies enough time to address the issue and come up with a software fix for the vulnerability. According to Project Zero:

"We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch."

The tech giant noted that it has always played by the same rules, even though it is its own tech team working on the issues. This means that prior to the policy change, Google also had a 90-day deadline just like other companies. It claimed that Android and Chrome had to meet the same deadline policies as well.

Source: Google