Why do you think that solving "CA problem" wouldn't do? The majority of the problems you mention is related to CAs. Other set of the problems could be linked to bad usability of browsers. After all, security adds complexity and restrictions, there is no way around it.
But what if "CA problem" is solved in such a way that helps browsers (and users) make better informed decisions? Also, what if the system allows you to not completely trust a single CA? Finally, why browser vendors don't require bundled CAs to provide annual audit about their security from independent companies?
Of course, there is also the fact that majority of Internet users simply do not care about security... (e.g. "I have open WiFi, so what?!", "Pearson 1: You are using http, which means someone can see you communication. Pearson 2: So what!?" or "Pearson 2: Uhm?!").