For serious vulnerabilities, most people (including Google IIRC) would agree that 5 days is sufficient. More importantly, the fact that it wasn't scheduled to be in today's fix means that we have to wait until the next release to get this fix (which will take longer than a week). It's such a trivially exploitable vulnerability that it should be treated as serious.