French government agency using unauthorized digital certificates for some of its own domains to perform man-in-the-middle attacks on a private network. Google security engineer Adam Langley described the incident as a “S”, which was discovered in early December. Google has immediately blocked the misused intermediate certificate and updated Chrome’s certificate revocation list to block all dodgy certificates issued by the French authority. Microsoft warned that, “An attacker could use these certificates to spoof content, perform phishing attacks, or perform a large number of Google-owned domains”
Source: https://thehackernews.com/2013/12/fake-google-ssl-certificates-made-in.html