Also a problem, but at least the power is decentralized for now. Also, browsers are not operating systems, and it is easier to switch to another browser if you don't agree with its list of trusted CAs.
All valid points, except no CA can survive when Chrome isn't supporting it. Most users won't switch browsers because one site isn't compatible with Chrome; they're more likely to just use another site. So using that CA costs site owners customers, and they in turn will move away from the CA.
My point sort of being, there is a deeper problem where industries self-police. People complain about oligarchies, ruling classes and corporations running America, but at the same time they don't push for or support governments regulating things like this. Governments should be the arbiters of which CA is legitimate, just as with which app store and which app developer. If you want to treat patients, sell drugs, build bridges, sell cars, etc., you give your ID to the government and validate your credentials. App development, as well as all other public-safety-impacting credential validation, should be the same way.
If you're in Europe, your local government does the validation, and OSes like Android will respect the CAs of the country they're operating under. Software should obey laws. And if governments can't be trusted, that isn't a software problem but a political one.