Does it reveal which websites they have keys for? I assumed that was the issue.
Discussion
No. You can already do that without an attack if you use resident keys. (aka passkeys *without* a username)
This only means that someone with your PIN and extended access can clone it.
Did y'all read the vulnerability in detail? If you don't have access to near perfect lab conditions and incredibly expensive high-end equipment you cannot do this. In other work, this is a theoretical vulnerability for most. I was able to switch to new Yubikeys, but transitioning my passkeys and other creds was a PITA.