Probably, but my understanding is that knowledge of exploits pre-patch is very valuable and difficult to come by, and the more systems the hack is used on the faster it gets patched. For that reason these are only really used in high value and targeted attacks, and not so much broad net phishing campaigns.
Didn’t all major browsers recently push an urgent update due to a browser exploit?
Probably, but my understanding is that knowledge of exploits pre-patch is very valuable and difficult to come by, and the more systems the hack is used on the faster it gets patched. For that reason these are only really used in high value and targeted attacks, and not so much broad net phishing campaigns.