the Pwn2Own exploits have generally not already been out there. There have been a long history of these, including some incredible chrome exploits! So the disclosure process tends to work out OK.
I think that's right that pwn2own exploits are generally new to the public, but that only means it's not provably out there.
Just to be clear, I think programs like this are great and they do improve safety, but only because they result in patches. This news shouldn't make users feel safe until there is a patch.
Agreed, just because it exists doesn’t mean it was being exploited.
And these help patch not just the specific hole but the general approach of the exploit chain may expose a whole area the development team had not previously considered.
Just to be clear, I think programs like this are great and they do improve safety, but only because they result in patches. This news shouldn't make users feel safe until there is a patch.