That doesn't even make sense. People who MITM traffic don't get Web PKI certs to do it with; they inject their own CA certs, a feature that continues to exist in the Chrome root program world and, indeed, has to in order for enterprises to deploy Chrome.