The trouble was caused by MCS Holdings, an Egyptian certification outfit that operated with CNNIC's blessing. According to Ars Technica
, the company issued certificates that could be used for man-in-the-middle proxies, enabling nefarious types to track otherwise private online activity. Google doesn't believe that MCS was acting maliciously, and blames CNNIC for delegating its responsibility to an "organization that was not fit to hold it."
According to Google's blog
, both the search engine and the CNNIC have agreed that the latter's security certificates will no longer be deemed trustworthy by Chrome. There'll be an as-yet unstated grace period for websites to re-certify with a new provider, but after that point, the browser will ask you if you're sure you want to visit a site it considers untrustworthy. Once CNNIC has cleaned house, it'll be entitled to reapply for a trusted position in Google's hearts.
There's a little nugget of controversy here, too, since CNNIC doesn't necessarily agree with Google's assertions. The Wall Street Journal
is reporting that the Chinese agency disagrees with the act, saying that the decision is "difficult to understand and accept." Mozilla users, meanwhile, are also being taken care of, although the team behind the Firefox browser aren't ready to say what their plan is just yet.