So I bought a Chromecast, and plugged it into a spare HDMI socket. So for an extra $50, I had a true smart TV, one that works on WiFi leaving my ethernet cables I pulled through the walls obsolete. Now it looks like I dodged a bullet with respect to this security vulnerability.
Chromecast is not the only option - there's a variety of similar products around. And if one gets dropped by it manufacturer and has a security vulnerability, its simple and cheap to replace with a competing product. No need to lay out big bucks buying another "smart" TV.