Yes, the goal was that EV certificates would fill this gap. However, research showed that they didn't meaningfully affect user behavior[1], it was easy to get CAs to issue EV certs for company names that misled the user into thinking the phishing site was secure[2], and it was even possible to issue colliding EV certificates simply by registering your company in a different jurisdiction[3]. So in 2019, Chrome, Safari and Firefox all removed the "special" treatment of EV certificates. (In Safari it's still distinguished by a green vs grey lock icon, I believe)
Also, this feature (EV certificates) exists because the CAs wanted to sell a product with a higher ticket price, and it shouldn't be mistaken for something engineers designed to actually deliver any security.
For example, suppose you go to https://som.example/ which is the web site for "Somex Ample" products. You don't trust "mere" DV certificates for som.example, which you believe may be purchased by bad guys, but you're comfortable because "Somex" has purchased an expensive EV certificate for "Somex Ample" of Springfield.
You fill out a form on the secure web page, and hit submit. But, unlike you, your web browser intentionally has no idea who "Somex Ample" are and no interest in whether they spent a lot of money on their certificate. When the server it reaches has a boring DV certificate for som.example that's fine, the browser compares this name to the name in the HTTPS URL and it matches exactly so that's fine. The browser sends your form data to this server, gets back a 30x redirect and then (maybe after some more bounces) gets a fresh web page to show you. This page might come with one of those shiny EV certificates you like, or it might not. Either way, that form data you were careful to only fill out on the "safe" EV page, went to a server without an EV certificate.
So, getting rid of the separate UI indication for EV was largely reflecting a reality that already existed. The DNS name is correct because the browser always verifies that matches at every step, but if you're relying on something else it's on you.
I don't think your example illustrates an actual security issue, and I don't think it's useful to users to expect EV certificates to change how the same origin policy works. Personally, as a user, the value of EV certificates was not that I "didn't trust DV certificates", but that (at their best) EV certificates validated the link between a known corporate entity and a domain name. Once I know that "som.example" and "Somex Ample" are the same entity, there's no reason to worry about "downgrades" or not trust DV certificates for the same domain name.
>it was easy to get CAs to issue EV certs for company names that misled the user into thinking the phishing site was secure
The other way was an issue as well. We could only get an EV cert for our real/primary company name, but not the subordinate name we had registered for our B2C business. That would mean that our customers would see the correct URL, but the EV would show the name of a company they didn't know.
[1] https://chromium.googlesource.com/chromium/src/+/HEAD/docs/s...
[2] https://typewritten-archive.cynthia.re/writer/ev-phishing/
[3] https://arstechnica.com/information-technology/2017/12/nope-...