Currently they're only permitted to release binaries of the patches due to the embargo, this is why these patches are in the parallel stream/optional (so people unhappy with being unable to see the sources won't have them shoved down their throats).
I don't have URLs at hand at the moment but all these questions have been asked many times and explained extensively on their discussion forum.
I, for one, feel safe. I was patched since late October (IIRC) for the vulnerabilities that Android-related outlets were warning about in early December.
It's quite surreal how unsafe the standard Android is. And how Google and the big companies pretend old devices (these running Android 11, 12, 13, not updated for several years) are safe and secure. While all it takes is the user stumbling upon one malicious we page or getting a WhatsApp message they won't even see.
Well that's untrue. I'd even venture to say that with how many OEMs there are it's insane how safe Android is. Google for one updates their devices for 7 years since Pixel 6, they can't control OEMs who might have ~10 people working on their devices.
Pixel 8 https://endoflife.date/pixel