The easiest way to solve the problem is for servers to simply stop supporting SSL 3.0, since it's largely been replaced by TLS and other successors -- but since SSL is still widely used, Google says that could cause significant compatibility issues. For now, the company says the best solution is for browsers and servers to support TLS_FALLBACK_SCSV, a mechanism designed to stop attackers from forcing security handshakes to default to older standards. Google Chrome and the company's own servers have been using it since February, and the company is testing further Chrome changes that disable falling back to SSL 3.0 altogether.
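To make the mechanism concrete, here is an added sketch (not code from Google or from the advisory) of the server-side TLS_FALLBACK_SCSV decision as specified in RFC 7507. The function names and the sample ClientHello values are constructed for illustration.

```python
# Added example: server-side TLS_FALLBACK_SCSV check (RFC 7507).
# Function names and the sample ClientHello values are constructed.

TLS_FALLBACK_SCSV = 0x5600         # signalling cipher suite value, RFC 7507
ALERT_PROTOCOL_VERSION = 70        # no mutually supported version
ALERT_INAPPROPRIATE_FALLBACK = 86  # fatal alert defined by RFC 7507

# Protocol versions as (major, minor) wire values; tuples compare in order.
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)


def server_decision(client_version, cipher_suites, server_versions):
    """Return ("alert", code) or ("negotiate", version) for one ClientHello."""
    highest = max(server_versions)
    # The client marks a retry at a lower version by adding the SCSV.
    # If the server could have done better, the retry was not necessary,
    # so something on the path forced it: abort instead of downgrading.
    if TLS_FALLBACK_SCSV in cipher_suites and client_version < highest:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    usable = [v for v in server_versions if v <= client_version]
    if not usable:
        return ("alert", ALERT_PROTOCOL_VERSION)
    return ("negotiate", max(usable))


def run_scenarios():
    aes = 0x002F  # TLS_RSA_WITH_AES_128_CBC_SHA, used here as filler
    scsv = TLS_FALLBACK_SCSV
    with_ssl3 = [SSL3, TLS10, TLS11, TLS12]
    without_ssl3 = [TLS10, TLS11, TLS12]
    return {
        "first attempt at TLS 1.2": server_decision(TLS12, [aes], with_ssl3),
        "forced retry at SSL 3.0": server_decision(SSL3, [aes, scsv], with_ssl3),
        "retry at server's best": server_decision(TLS12, [aes, scsv], with_ssl3),
        # A client that only speaks SSL 3.0 never sends the SCSV, so the
        # check cannot protect it; only removing SSL 3.0 does.
        "SSL 3.0-only client": server_decision(SSL3, [aes], with_ssl3),
        "SSL 3.0 disabled on server": server_decision(SSL3, [aes], without_ssl3),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:28} -> {result}")
```
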

On the positive side, Google seems to have discovered the vulnerability on its own, and it's not clear how widespread it is. Still, Google's solution is only a temporary defense: SSL 3.0 can't be fixed. "There is no reasonable workaround," the company wrote in its security advisory. "To achieve secure encryption, SSL 3.0 must be avoided entirely." Check out the company's full technical explanation of the bug at the source link below.