Why Google is Hurrying the Web to Kill SHA-1

Most of the secure web is using an insecure algorithm, and Google’s just declared it to be a slow-motion emergency.

Something like 90% of websites that use SSL encryption (the ones that show a green lock) use an algorithm called SHA-1 to protect themselves from being impersonated. This guarantees that when you see the green lock for facebook.com, you’re visiting the real Facebook and not giving your password to an attacker.

Unfortunately, SHA-1 is dangerously weak, and has been for a long time. It gets weaker every year, but remains widely used on the internet. Its replacement, SHA-2, is strong and supported just about everywhere.

Google recently announced that if you use Chrome, then you’re about to start seeing a progression of warnings for many secure websites.