The article is a security company ~~trying to hype their company~~ ruining their reputation in an incredibly ill-thought out attack that companies will ABSOLUTELY remember.
Even worse, it just makes this security company look incompetent. Like a home security company that announces a huge vulnerability in Schlage locks- there's a key that can unlock the lock included with every lock sold!!11!!!11!one!
I know what he's talking about- there was some javascript spec or something that google proposed, and nobody else bought in, so it never actually became part of javascript's standard.
But google implemented it into chrome's javascript engine anyway, and then used it for youtube. There was some fallback code if the new functions weren't available, but, because of a 'mistake' they didn't work and basically made playback ass for a while until the open source community basically debugged and fixed the issue FOR google, and then spent a few weeks cramming it down google's throat that it needed fixed.