Dutch Certificate Authority DigiNotar has issued an SSL certificate for all *.google.com domains. “Attackers could poison DNS, present their site with the fake cert and bingo, they have the user’s credentials,” said Andrew Storms, director of security operations at nCircle Security. Chrome’s pinning feature is available not only to Google web sites but to any webmaster; if you run an HTTPS site, you can contact the Chrome developers and get your site’s keys hard-coded. Other browser vendors may implement a similar feature soon.
Source: https://thehackernews.com/2011/08/iranian-man-in-middle-attack-against.html

