I've long noticed that some browser user interfaces are either:
- Lying about the path used to validate certificate trust, or
- Have some kind of weird intermediate caching/sharing going on, where if they can find a matching public key in an intermediate encountered on a different website, they will use it to build the path.
You can have a server with a fullchain that clearly builds a path to Identrust, but the browser shows a path to the ISRG Root. Like wtf mate? I always check the path with OpenSSL now.