Missing permissions check on group public instance creation. Part 2.
tracked
Slone Fallion
Following up on this completed Canny and developer update from last month, the issue isn't fully resolved. Group members with the "Create Members-Only Group Instances" permission do not see the ability to make group public instances in the VRChat client, but they can still make group public instances and invite themselves by manually crafting a public instance link in the browser.
Current mitigation until VRChat resolves the issue: Don't allow group members to open Group instances. Enabling Group+ instance creation does not allow the exploit.
The last exploit was left open for over a year. I hope this one won't see the same treatment. I'd really like to allow our group members to create their own group instances without the risk of having unauthorized public instances opened.
Thank you to our community member Joakorex for bringing this to our attention. <3
StormRel marked this post as tracked