by raincole 563 days ago
How bad is it? (Genuine question from me who lacks cybersecurity knowledge)
2 comments

Let's assume that some malicious third party has control of the certificate that was created by this fishy CA. The main attack that they could carry out is a man in the middle (MitM) attack. This attack requires this malicious third party to be able to intercept and change the contents of requests being sent to google.com and someone's web browser.

A MitM attack can be easily carried out by someone in control of an ISP, or someone in control of a WiFi network. So, if you trust your ISP and your WiFi network, realistically you have nothing to worry about.

The reason that this issued certificate could allow an attack like this to happen is because all websites nowadays use HTTPS connections, and certificate authorities are the entities that tell your web browser that certain certificates are legit. They confirm that a website is actually that website.

If you visit some website and someone tries to do a MitM attack between your web browser and that website, the web page should fail to load because if they try to change the certificate, your web browser should reject it because it is invalid.
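
An added example, not part of either comment: the trust decision described above, reproduced offline with the `openssl` command-line tool (assumed installed). The CA names, the host name `shop.example.test` and all file names are constructed for this lab.

```sh
# Constructed lab: throwaway CAs and leaf certificates for a made-up host name.
set -eu
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT
HOST=shop.example.test          # hypothetical site name

make_ca() {                     # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.pem" 2>/dev/null
}

issue_leaf() {                  # $1 = issuing CA prefix, $2 = leaf prefix
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -days 1 -CAcreateserial \
    -CA "$LAB/$1.pem" -CAkey "$LAB/$1.key" -out "$LAB/$2.pem" 2>/dev/null
}

verdict() {                     # $1 = trust store file, $2 = leaf prefix
  # Chain validation only; a browser additionally checks the host name.
  if openssl verify -CAfile "$LAB/$1" "$LAB/$2.pem" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

make_ca usual   "Usual CA"      # the CA the site really uses
make_ca fishy   "Fishy CA"      # a second CA the client also trusts
make_ca unknown "Unknown CA"    # a CA the client does not trust at all
issue_leaf usual   leaf_usual
issue_leaf fishy   leaf_fishy
issue_leaf unknown leaf_unknown

cat "$LAB/usual.pem" "$LAB/fishy.pem" > "$LAB/store.pem"   # trusts both CAs
cp  "$LAB/usual.pem" "$LAB/narrow.pem"                      # trusts one CA

# A swapped-in certificate from an untrusted issuer fails validation ...
echo "both CAs trusted, leaf from Unknown CA: $(verdict store.pem leaf_unknown)"
# ... but any CA in the trust store can vouch for any host name.
echo "both CAs trusted, leaf from Usual CA:   $(verdict store.pem leaf_usual)"
echo "both CAs trusted, leaf from Fishy CA:   $(verdict store.pem leaf_fishy)"
# A client that trusts only the expected issuer rejects the second CA's leaf.
echo "only Usual CA trusted, leaf from Fishy CA: $(verdict narrow.pem leaf_fishy)"
```

The third line of output is the case the thread is about: the certificate is accepted because its issuer is trusted, not because the issuer is the one the site chose.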

Well, now that everyone knows about it, it's a whole lot less bad.

The bad certificate was caught, and caught quickly. The system works.

It is a bit like if airport security catches someone who wanted to bomb a plane. Yes, the immediate gut reaction is that it is terrible, but if you think about it for a bit it's actually reassuring, since it's proof the safeguards worked.