I see CVE and 0 day CVE regularly, I work closely with my ITSec colleagues… don’t actually recall seeing “being actively exploited” before on a 0 (or older) day CVE…
I should add - I get several emails a day from some Microsoft service we (my employer) gets by using Office / Outlook 365 - warning about vulnerabilties in a raft of products, BUT THEY’RE NEVER Microsoft products 
I’ts always “java this” or “android that” or “google chrome has what?” - but never "edge is so chock full of holes, we call it “Microsoft Colander”…