A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to man-in-the-middle attacks. The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 standard, also referred to as “,” allowing remote attackers to bypass the secure HTTPS protocol and reveal confidential private session data. The issue was first revealed at the 24th USENIX Security Symposium in Washington in August.
Source: https://thehackernews.com/2015/09/https-cookies-hacking.html

