Google hadn't been using OpenSSL for most of their services; in fact, they discovered Heartbleed when studying the possible transition to OpenSSL from NSS; they ended up transitioning directly to BoringSSL.
This doesn't detract from your point, since NSS is also open source, it's just a factoid.