But at this point, with Ledger's statement, all devices (even Coldcards, for example) that have the same secure element chip are vulnerable, or am I wrong?
You are correct. All Ledger devices use the same internal framework, and we know that it has been possible all along for the secure elements to export private keys, which is completely contradictory to all the claims Ledger have previously made.
In theory, unless you update to the newest firmware that unlocks seed-share and approve it physically by pressing the buttons on your Nano, the feature won't work.
Which is completely irrelevant. Given that a simple software update means the secure element can now export private keys, then a simple software update could make this feature mandatory, or could remove the need for any physical button presses, or could take everyone's private keys without their knowledge or consent. The whole point of the secure element is moot. The entire security of the device hinges on non-malicious software.
It's probably worth pointing out that this is also the case for Trezor devices, which everyone on Reddit seems to be keen to move to. If Trezor implement malicious software, then the same thing will happen. The only hardware wallet I would even think about touching right now is a Passport - permanently airgapped and completely open source - but as I said before, airgapped, encrypted, cold storage on an old laptop or similar is far preferable.