Re: "Chrome and Firefox are both vulnerable to CRIME"
And what about Opera?
I hate "press releases" like this. There is zero information. You've just told everyone that you're going to announce the release of a flaw which they won't know anything about until you actually release it, and they have no incentive to do anything until you do.
And, when you do, the nefarious people have not only been looking at the area you hint at specifically for the flaw you found, but they will be ready to get it and exploit it (and yet most browser manufacturers will probably wait for months, if at all, before they fix it).
Or you could have just put a patch out and let everyone get onto it at the same time.
Last time, it was actually a flaw in only some implementations SSL (OpenSSL etc.) and didn't affect some people at all. It was also due to crappy implementation of something that people had been warning for years was a bit dodgy and that other implementations had SPECIFICALLY patched for. And even then browsers etc. took months to catch up (and they were only susceptible because they HADN'T kept up with OpenSSL changes in the first place. I suspect that's the same this time around too, rather than some hugely groundbreaking hack that will kill SSL (actually TLS) on the net for everyone.
I think I opt for the "I'm using Opera, chances are they have already fixed it months ago or were never vulnerable to it" line. That's what I'd lay my money on, personally.
Everyone else - well, stop using junky software that can't even be bothered to keep up-to-date with SSL mailing lists and/or basic security patches issued years ago. I believe the flaw for BEAST had been detected and patched 9 YEARS previously in other SSL libraries.