The SHA-1 shattered attack is more than 100,000 times faster than a brute force attack which remains impractical. Google has added protections for Gmail and GSuite users that detects our PDF collision technique. We are providing a free detection system to the public. The attack is still more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3. Googles vulnerability disclosure policy will wait 90 days before releasing code that allows anyone to create a pair of PDFs that hash to the same SHA1 sum given two distinct images.”]
Source: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html