It's still a copy of the browser code that comes with the base OS, even if it dodges the bullet on this bug. The Chromium-based WebView doesn't receive updates like the Chrome app so will generally contain unpatched vulnerabilities, so the system level issue remains.

(Note that the rare-to-nonexsistent OS updates are still a problem, this WebView issue nonwithstanding. They are running old vulnerable Linux kernels which compromises the app sandbox)