Information Security Asked on November 11, 2021
In the unlikely event that a root CA is breached (e.g. Comodo, DigiNotar), how should people and companies respond?
(Assume the people responding practice infosec & are aware of the problems of such a compromise)
Possible responses:
Certificates protect against man-in-the-middle attacks, which are already pretty hard to accomplish on the open Internet. The attacker usually needs to either control a router between user and website or the DNS server used by the user. That's not something a wannabe cybercriminal can pull off from their basement. That's something which is usually done by state actors.
For most regular users it would be good enough to just let the browser vendors assess the situation and wait for them to revoke the root certificate with the next update if they deem it necessary.
But when you are working in a particularly sensitive industry targeted by highly sophisticated attackers, then you might opt to remove the CA's root certificate from your browser's certificate store yourself (how to do that depends on the web browser you are using). The result will be that any website which has a certificate issued by that certificate authority now generates a security warning. You can of course choose to ignore that warning and keep browsing it under the assumption that what you see might actually be a fake website provided by your attackers.
Also note that some websites might use certificate pinning. So your browser will remember who signed the certificate when it first saw the website and reject a certificate by a different certificate authority.
Answered by Philipp on November 11, 2021
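The two defensive mechanisms the answer describes, a distrust list for a removed root and trust-on-first-use pinning of the issuing CA, can be modelled as a small chain-acceptance policy. The following is an added illustration and is not part of the question or of Philipp's answer; the certificates are constructed stand-ins (plain byte strings fingerprinted with SHA-256, not real X.509 DER), and the names `Cert`, `TrustPolicy`, "Root A" and "Root B" are invented for the example.

```python
"""Toy trust-store policy: reject chains anchored at a distrusted root and
pin each host to the CA that issued its certificate on first sight.
Constructed example; certificate bytes below are placeholders, not DER."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    der: bytes  # constructed placeholder for the certificate's DER encoding

    @property
    def fingerprint(self) -> str:
        # Browsers identify roots by the SHA-256 hash of the DER certificate.
        return hashlib.sha256(self.der).hexdigest()


@dataclass
class TrustPolicy:
    # SHA-256 fingerprints of roots removed from the store (the breached CA).
    distrusted_roots: set[str]
    # host -> fingerprint of the issuing CA seen on first use (pinning).
    pins: dict[str, str] = field(default_factory=dict)

    @staticmethod
    def _linked(chain: list[Cert]) -> bool:
        # Each certificate must be issued by the next one; the root is self-issued.
        for cert, parent in zip(chain, chain[1:]):
            if cert.issuer != parent.subject:
                return False
        return chain[-1].issuer == chain[-1].subject

    def evaluate(self, host: str, chain: list[Cert]) -> tuple[str, str]:
        """Return (verdict, reason) for a leaf-first chain presented by host."""
        if not chain or not self._linked(chain):
            return "reject", "empty or broken chain"
        root = chain[-1]
        if root.fingerprint in self.distrusted_roots:
            # Equivalent to the root having been deleted from the browser store.
            return "reject", f"chain anchors at distrusted root {root.subject}"
        issuer = chain[1] if len(chain) > 1 else root
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = issuer.fingerprint
            return "accept", f"pinned {host} to {issuer.subject} on first use"
        if pinned != issuer.fingerprint:
            # A valid-looking chain from a different CA is exactly what a
            # mis-issued certificate would look like; the pin catches it.
            return "reject", f"issuer {issuer.subject} does not match pin for {host}"
        return "accept", "issuer matches pin"


def demo() -> list[str]:
    """Walk through the three cases discussed above; returns the verdicts."""
    root_a = Cert("Root A", "Root A", b"constructed-root-a")
    root_b = Cert("Root B", "Root B", b"constructed-root-b")  # the breached root
    ca_a = Cert("Intermediate A1", "Root A", b"constructed-int-a1")
    ca_b = Cert("Intermediate B1", "Root B", b"constructed-int-b1")
    leaf_a = Cert("example.test", "Intermediate A1", b"constructed-leaf-a")
    leaf_b = Cert("example.test", "Intermediate B1", b"constructed-leaf-b")

    policy = TrustPolicy(distrusted_roots={root_b.fingerprint})
    verdicts = []
    # 1. Legitimate chain: accepted, and the issuer is pinned for the host.
    verdicts.append(policy.evaluate("example.test", [leaf_a, ca_a, root_a])[0])
    # 2. Chain from the breached CA: rejected because the root was removed.
    verdicts.append(policy.evaluate("example.test", [leaf_b, ca_b, root_b])[0])
    # 3. Same chain against a store that still trusts Root B but has the pin:
    #    the pin alone is enough to reject it.
    lenient = TrustPolicy(distrusted_roots=set(), pins=dict(policy.pins))
    verdicts.append(lenient.evaluate("example.test", [leaf_b, ca_b, root_b])[0])
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Case 3 is the point of the pinning paragraph: even a user who has not yet removed the compromised root is protected for hosts whose issuer was pinned before the breach, while case 2 shows that removing the root protects every host at the cost of warnings on all legitimate certificates it issued.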