No, and the standard (RFC 6844) says they must not. That's because, in the eyes of the standard, a CAA record is applicable at time of issuance, but a valid certificate could have been previously issued (and still be valid), even though you've moved to a new CAA record for your next certificate.

"Relying Applications MUST NOT use CAA records as part of certificate validation."

For what you're looking for, DANE (RFC 6698) would be more useful and enable the browser to check the presented certificate against DNS (so effectively CAA on the client).

As far as I know, they do not.

Even if they did, it doesn't really address the problem. In order to mount an effective impersonation attack, the attacker needs to either control the network or the DNS. In either case, they will generally be able to remove or change the CAA record; remember that DNSSEC deployment is comparatively rare and browsers do not verify DNSSEC in any case.