Considering the vulnerability is open to anyone not on the Android 4.4, the equation would make every 3 out of 4 Android users vulnerable to possible targets. However, the actual number is a lot lower considering the privacy disaster bug only affects those using the Android Open Source Platform (AOSP) browser.
Android Privacy Disaster bug:
The bug was first identified by a security researcher Rafay Baloch who released the bug details sharing that he has been able to exploit a number of devices like the Samsung Galaxy S3, Sony Xperia tipo, Motorola Droid Razr, HTC Evo 3D, and the HTC Wildfire. While Google has yet to comment on this rather critical bug, there are insecurities arising that the same flaw could be used to allow a bypass of the SOP protection used by other, more modern browsers.
This possibility of the flaw enabling hacker to do all sorts of things is what has gotten the bug the rather extremist name of Privacy Disaster bug. The situation gets even more serious as the exploit code has been uploaded to Metasploit - a platform used by hackers to breach systems.
- Source of Privacy Disaster bug: Forbes