On April 1, 2014, Google security notified the OpenSSL team of the bug later called Heartbleed. The choice of April Fools Day seems curious with Google’s fondness for pranks, but the risk is real. OpenSSL is the open source project for Secure Sockets Layer (SSL) that establishes links between Web browsers and servers.
If you think this is esoteric, your are not alone. In fact, a majority of Internet users did not change their passwords despite the warnings.
Even with the vulnerability, it is complicated to exploit someone in the real world. If you are concerned, change your passwords and avoid unfamiliar domains.
Symantec has additional information and guidance here.