So.. Symantec has a public root CA, and now they want to use it for "other purposes"? Why abuse an existing root for this instead of generating a new CA? Why are we trusting these guys with any CA at all again?
The public notice the article links to doesn't say anything about "other purposes". Their headline is "Discontinued Use of VeriSign G1 Roots". It does comment about continued use of that cert for code signing, likely due to legacy trust stores.
To me, it sounds like they're trying to consolidate their image under the "Symantec" brand by moving browsers off the old "Verisign" root, but they don't think they can move code signing. However, since code signing is outside the scope of CAB, they're stopping their audits.
> As Symantec is unwilling to specify the new purposes for these certificates, and as they are aware of the risk to Google’s users, they have requested that Google take preventative action by removing and distrusting this root certificate.
This is one of the old VeriSign 1024-bit roots. This and most of the other 1024-bit roots was removed or restricted to email in Mozilla some time ago (last remaining one is Equifax). They had been consider obsolete for a long time.
