I am sort of surprised that there haven't been more of these attacks (I only know of handful) given how vulnerable certification chain is to attacks such as these.

Even when the mistake is noticed, it will take time for browsers to update their revocation lists. Do other browsers require the same heavy-weight updating as Safari on OS X (Software update to Safari)?