The vulnerability was initially reported to Google by Baloch, who told him that they couldn't reproduce the issue. However, Google has since begun listening after reports of the issue became more widespread, and currently they say they're working on a solution.
The Android Browser is a discontinued browser that forms part of the AOSP software package which is included with many smartphones. While the browser used to be the default in Android, since Android 4.2 Google has switched to Chrome, which is not vulnerable in the same manner. In Android 4.4 the last remaining portions of the Android Browser (embedded webpages in apps) were removed in favor of Chrome.
Despite the switch to Chrome, around half of the total Android user base still uses the Android Browser for one reason or another. Although Google is developing a fix to the problem, Android updates are typically quite slow at reaching all the necessary users, so many people could remain vulnerable for the foreseeable future.
If you're an Android user currently using the Android Browser, we recommend switching to an alternate browser to keep safe, such as Chrome (the Android default) or others like Firefox and Opera.