A bug in some security software has potentially compromised Internet security.
Many news reports urge you to change your passwords immediately, but that is not the full story. It is of limited use changing a password for a Web site until the bug, if ever present on that site, has been fixed there.
Here’s a useful facility to test whether a Web site is (still) vulnerable.
There is also a possibility that a site’s security certificate has been compromised and that private keys have been discovered. This is potentially very bad news and some organisations will probably revoke certificates and issue new ones. However, some Web browsers do not accept certificate revocation by default, particularly Google Chrome. See a report on this here.