(You'll note the explicit discussion in there about the deadline:
"Chromium issues should be treated the same as any others. So there's a 90-day deadline (which was not exceeded in this case), ...
Same disclosure warning to the Chrome team was in this bug: https://bugs.chromium.org/p/project-zero/issues/detail?id=51...
And project zero explicitly warned the Android team about the 90 day disclosure policy in the one bug report I checked:
https://code.google.com/p/android/issues/detail?id=182510
Edited to add:
Here's one where they disclosed prior to Android fixing the bug: https://bugs.chromium.org/p/project-zero/issues/detail?id=86...
with the note "deadline exceeded". Unfortunately, the link to the Android bug is still protected, so we can't learn why AOSP hasn't fixed it yet.