I can't provide a link, but I have seen a preliminary risk assessment of the CVE-2021-1844 vulnerability stating that it can be used for drive-by attacks (i.e. malicious code could be executed on your device just by displaying a web page). I highly recommend to update ASAP. It's now a race between users updating and blackhats analyzing Apple's patch to reverse engineer how the vulnerability can be exploited.