It would also require a sandbox escape to be a meaningful vulnerability.
Unfortunately, "seen in the wild" likely means that they _also_ had a sandbox escape, which likely isn't revealed publicly because it's not a vulnerability in properly running execution (i.e., if the heap were not already corrupted, no vulnerability exists).
I'd bet that the sandbox escape is just in the underlying operating system kernel and therefor isn't a matter for Chromium to issue a CVE.