CRIME is the name of the new attack that can hijack HTTPS sessions. When you visit websites with HTTPS you expect them to be safe but researchers find new vulnerabilities. With CRIME, if you visit a site and you log in with your credentials like a bank, Google or Facebook the attacker can then decrypt the information of the session cookies and log in to those site and pretend to be you. If this is not scary then I don’t know what is. They can do it by exploiting a security hole in TLS 1.0. Those are the same researches who developed and demonstrated the BEAST (Browser Exploit Against SSL/TLS).

CRIME can hijack HTTPS sessions