I must clarify that the WebView vulnerability affects all Android versions before 4.2. The new exploit in question affects the built-in web browser, not just third party apps that make use of WebView. This, of course, makes this even more dangerous.

This is covered in a Reddit conversation involving a person involved in the exploit here.

It seems that Android 4.0 and 4.1 are affected by the web browser vulnerability, and apparently some OEMs have patched it, but it is still a big deal. A web site is provided to test for the problem, but I can not vouch for it. I can confirm that the site indicates a vulnerability in the browser in the Android 4.0.3 emulator, and that it does not in in a 2.2 emulator.