If you are the CA, you can sign a new certificate yourself for google.com and the browser will accept it. It’s effectively MITM for any certificate. The browser has no way of knowing there’s 2 “valid” certs at once, and in fact that is allowed regardless (multiple servers with different instances of the SSL cert is very common now)