>And thus why the CA system is broken in a nutshell.
I wouldn't call it broken. From what I see on Linux and Windows, Chrom[e|ium] relies on the system's trusted certificates. You always have the last says on who's in and who's out.
EDIT: Just checked, the Chromium-specific trusted CAs can be revoked through its configuration interface, doesn't just rely on system certs. Important detail, but still, user has the last word.
