We explained our perspective on attempting to police phishing and malware at the CA level in a blog post.
Our policy does not allow for revoking certificates on the basis of being used by reported phishing and malware sites. Doing so would be impractical, ineffective, and likely lead to mistakes being made. We believe that this policy is in line with our compliance obligations.
We recommend that people who have identified phishing and malware sites report them to Google Safe Browsing and Microsoft SmartScreen.