The browser is verifying that the certificate appears in public certificate logs. So if a TLA forges a certificate (whether with the cooperation of a certificate provider, DNS provider or domain owner) that is now part of the public record. And if they do it with any domain that has enough eyeballs, someone would presumably notice. Not to mention that it's an easy way for agencies from rival countries to tip a reporter or security researcher off that it happened.
Of course in reality most browsers don't actually check the certificate logs but only require timestamps signed by certificate logs that prove that at least two certificate logs know of the certificate. A TLA that can pressure at least two logs to provide those timestamps without actually publishing the certificates isn't really stopped. But at least that widens the circle of people who have to be in on the conspiracy.
In a perfect world browsers would do spot checks against the actual certificate logs, and require that the signed timestamps are from logs that are unlikely to be influenced by the same actor (e.g. a Western, a Russian-sphere and a Chinese-sphere certificate log). Your guess why we don't do either is as good as mine
Of course in reality most browsers don't actually check the certificate logs but only require timestamps signed by certificate logs that prove that at least two certificate logs know of the certificate. A TLA that can pressure at least two logs to provide those timestamps without actually publishing the certificates isn't really stopped. But at least that widens the circle of people who have to be in on the conspiracy.
In a perfect world browsers would do spot checks against the actual certificate logs, and require that the signed timestamps are from logs that are unlikely to be influenced by the same actor (e.g. a Western, a Russian-sphere and a Chinese-sphere certificate log). Your guess why we don't do either is as good as mine