This was a classic phishing attack. The user was duped into clicking on a link that took them to a hostile website that took advantage of a BROWSER flaw. While the browser issue is problematic, it wouldn’t have been an issue if the user had been more vigilant. It’s very hard to defend against social-engineering attacks since they involve trusted people doing secure things.
Your point about patches is a good one. The browser should have been up-to-date. I doubt Google fell prey to a zero-day attack.
DOH! I followed the time-honored tradition of posting before actually reading the article. Google did in fact fall prey to a zero-day attack on Adobe Reader.