You say in the article that "None of these vulnerabilities have been exploited in the wild yet". There is no way to tell if the vulnerabilities have been exploited in the wild. You can bet state sponsored hackers and intelligence agencies knew about these vulnerabilities long ago. Google researchers in their own white papers insist that they have no idea if these exploits have been used. The exploitation does not leave any traces in traditional log files. When asked if the exploit has been used in the wild, they correctly posit, they don't know.