This was one of the better briefings/demos that I saw at Black Hat.
Technically it cannot decrypt your SSL/TLS/HTTPS data. It's an XSS (Cross Site Scripting) exploit where they can brute force secrets/tokens stored in the HTML source.
It was pretty impressive that they brute forced a session token for Microsoft Outlook Web Access within 40 seconds and fewer than 1200 web requests!
The other cool thing about this attack is that they don't have to do a complicated MITM (man in the middle) attack to obtain those secrets.
This hack, in combination with other browser history discovery hacks that they demonstrated at Black Hat, would be pretty potent!
What they didn't say clearly in this news post is that this attack requires the browser and web server to be using compression. So if you disable compression in your browser, you will mitigate this attack. The same goes for disabling compression on the web server (both for content and TLS).
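To make the compression dependence concrete, here is an added example (not from the commenter or the original briefing) that a defender can run against a constructed page: it checks whether the on-the-wire length of a response that contains both a secret token and a reflected query value changes depending on whether the reflected value matches the token. The token value, page layout and reflected strings are all constructed for the demonstration.

```python
import zlib

# Constructed sample values; nothing here comes from a real application.
SECRET_TOKEN = "csrf=7f3a9c1e"


def render_page(reflected: str) -> bytes:
    """Constructed HTML body: a hidden secret and a reflected request value
    end up in the same response, which is the precondition for this attack."""
    html = (
        "<html><body>"
        f"<input type='hidden' name='{SECRET_TOKEN}'>"
        f"<p>You searched for: {reflected}</p>"
        "</body></html>"
    )
    return html.encode()


def wire_length(reflected: str, compress: bool) -> int:
    """Byte length of the body as sent, with HTTP compression on or off."""
    body = render_page(reflected)
    return len(zlib.compress(body, 9)) if compress else len(body)


def length_delta(compress: bool) -> int:
    """Defender self-check: (matching guess length) - (non-matching guess length).

    Both reflected strings have the same length, so without compression the
    delta is always 0.  With compression, a reflected value that repeats the
    secret is encoded as a back-reference instead of literals, so the body
    shrinks and the delta is negative: response size now depends on the
    secret, which is exactly the leak that disabling compression removes.
    """
    matching = wire_length("csrf=7f3a9c1e", compress)   # repeats the secret
    unrelated = wire_length("csrf=k4n0q8w2", compress)  # same length, no overlap
    return matching - unrelated


def leaks_by_length(compress: bool) -> bool:
    """True if response length reveals whether reflected input matched the secret."""
    return length_delta(compress) != 0
```

Running `leaks_by_length(True)` returns True while `leaks_by_length(False)` returns False, which is the whole reason the comment's mitigation works.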