This does not say if there had been a risk of certificate theft (sorry, sharing) prior to patching and so is completely useless. I want to know if and when I need to change Google passwords. Ditto Amazon, Dropbox ....
Replacing certificates and advising users to change passwords prevents exploitation of any previous successful attack. Google have not done anything about previous attacks, but nor have they said such attacks could not have been successful.