An Untrustworthy TLS Certificate in Browsers
The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy:
More details by Reardon.
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4
Cory Doctorow does a great job explaining the context and the general security issues.
https://pluralistic.net/2022/11/09/infosec-blackpill/#on-trusting-trust
.