In late December, they published their findings regarding a vulnerability they initially believed to be in Samsung's Knox architecture but turned out to be an Android 4.3 flaw that allowed attacker to perform a Man-in-the-Middle attack by bypassing VPN configurations to intercept data.
On Monday, they shared that Android 4.4 ("KitKat") is susceptible to the same attack (with some modifications).
"At first we could not reproduce it with the original vulnerability code since KitKat has a modified security implementation," the researchers noted in a blog post.
"Following an elaborate investigation we were able to reproduce the same vulnerability where a malicious app can bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."
Google has, of course, been notified both times, and the researchers understandably didn't go into specific details about their exploit or the vulnerability and won't share that information until the flaw is fixed.
They haven't mentioned if they believe the flaw is being exploited in the wild by malicious attackers, so it's safe to assume they don't know. Of course, this doesn't mean there aren't any.