Any trusted certificate authority can issue certificates for ANY domain. This is the trust aspect that is required in a PKI.
Your browser gets a list of trusted root certificates and will accept any valid certificate issued by these CAs. On my windows 8 box there are 53. Any of these providers could issue certificates for any number of domains.
The failure here is that Thawte allowed those certificates to be issued for ANY reason.
Google is their own certificate authority and likely has no need for a relationship with Thawte.