hg84 It is true that the fingerprint unlock is less secure than PIN or password unlock. I don't know whether the two 0-day vulnerabilities referred to in the post can be used on GrapheneOS. But 0-days exist all the time and are patched all the time.
GrapheneOS somewhat increases the security of fingerprint unlocks by disabling biometrics after 5 failed fingerprint attempts:
https://grapheneos.org/features#more-secure-fingerprint-unlock
However, any exploit chain which allows for the fingerprint unlock to be attempted an unlimited number of times on GrapheneOS would then make brute force attacks with the fingerprint reader possible.
Note also that biometric unlock is only available AFU when the owner profile is decrypted. Rebooting the phone, either manually or automatically, puts encryption of the owner profile at rest, and disables all biometrics. In this BFU state, the phone is far more secure against attacks, brute force or otherwise.