Ultimately we suppose Google just wants to keep the internet safe and perhaps in a bid to prevent further unhappiness at their practices, Google’s Project Zero team has recently announced that they will be extending that 90-day period by an additional 14-days, but only if the vendor were to inform them in advance before the deadline.
According to Google, “We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch. Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+).”
Of course this isn’t as generous compared to other companies who give longer grace periods, such a ZDI who gives companies a 120-day grace, but we suppose it is better than nothing and could go a long way in ensuring a better relationship between Google and some of these vendors.