Bug allowed attackers to use fake certificates to bypass HTTPS protections.
Tag: https
Draconian move follows the issuance of certificates masquerading as Google domains.
Bug forces millions of sites to use easily breakable key once thought to be dead.
CTO pledges new policy to prevent similar mishaps in the future.