Slightly OT, but this is a perfect reason to regard javascript crypto as dangerous. If one of the most heavily scrutinized cryptographic protocols can have what is in retrospect, a fairly obvious flaw (WEP fell to a very similar predictable IV attack), the average developer does not stand a chance of getting it right implementing it from scratch in an environment they do not have strong control over.
Nothing to worry about:<p><a href="http://news.ycombinator.com/item?id=3015995" rel="nofollow">http://news.ycombinator.com/item?id=3015995</a>
<i>I happen to know the details of this attack since I work on Chrome's SSL/TLS stack.</i>
<i>Fundamentally there's nothing that people should worry about here. Certainly it's not the case that anything is 'broken'.</i>