"An intermediate certificate is essentially a master key that can create certificates for any domain name, " explained security analyst Chester Wisniewski from Sophos in a blogpost about the security lapse.
BBC: Google detects fake website ID certificate threat