Common questions about CRIME

Short answers, pulled from the story.

What is the CRIME vulnerability and how does it steal passwords?

The CRIME vulnerability is a security flaw that turns data compression into a weapon for stealing secrets. Attackers deduce passwords one character at a time by observing the size of compressed web requests sent to secure websites.
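The size signal described above can be measured locally. This is an added example, not code from the original story: zlib's DEFLATE stands in for the compression layer, and the request layout, the cookie value, and all function names are constructed for illustration.

```python
import zlib

# Constructed sample secret; stands in for a cookie the client attaches.
SECRET_COOKIE = "sessionid=7f3a9c2e5b1d4086"


def build_request(guess: str) -> bytes:
    """Request where externally influenced text (the query string) shares
    one compression context with the secret cookie. Layout is constructed."""
    return (
        f"GET /?q={guess} HTTP/1.1\r\n"
        "Host: example.test\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n\r\n"
    ).encode("ascii")


def wire_size(guess: str, compress: bool) -> int:
    """Number of bytes an on-path observer would count for this request."""
    body = build_request(guess)
    return len(zlib.compress(body, 9)) if compress else len(body)


def size_spread(guesses, compress: bool) -> int:
    """Max minus min size over equal-length guesses. A non-zero spread means
    the size depends on how much of the secret the guess repeats."""
    sizes = [wire_size(g, compress) for g in guesses]
    return max(sizes) - min(sizes)


# Equal-length guesses repeating 0, 8 and 16 characters of the cookie value.
GUESSES = [
    "sessionid=ZYXWVUTSRQPONMLK",
    "sessionid=7f3a9c2eZYXWVUTS",
    "sessionid=7f3a9c2e5b1d4086",
]

if __name__ == "__main__":
    for g in GUESSES:
        print(g, wire_size(g, True), wire_size(g, False))
    print("spread with compression:   ", size_spread(GUESSES, True))
    print("spread without compression:", size_spread(GUESSES, False))
```

The compressed sizes shrink as the guess repeats more of the cookie, while the uncompressed sizes are identical for all three guesses.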

Who discovered the CRIME vulnerability and when was it presented?

Adam Langley first hypothesized the theoretical possibility of this attack, but Juliano Rizzo and Thai Duong transformed the theory into a practical weapon. They presented their findings at the 2012 ekoparty security conference.

Which protocols were vulnerable to the CRIME attack in 2012?

The CRIME attack worked against a wide array of protocols, including SPDY, TLS, and HTTP. The Transport Layer Security protocol, specifically version 1.2, allowed the attack through its compression negotiation process.

When did the nginx web server become secure against the CRIME vulnerability?

The nginx web server has not been vulnerable to CRIME since version 1.0.9 in October 2011 and version 1.1.6 in November 2011 when using OpenSSL 1.0.0 or later. By June and July 2012, versions 1.2.2 and 1.3.2 of nginx were secure with all versions of OpenSSL.

When was the CRIME exploit against HTTP compression still unmitigated?

As of December 2013, the CRIME exploit against HTTP compression had not been mitigated at all. Juliano Rizzo and Thai Duong warned that this vulnerability might be even more widespread than SPDY and TLS compression combined.

What is the BREACH vulnerability and when was it announced?

The BREACH vulnerability is a variant of the CRIME exploit specifically designed to attack HTTP compression. Researchers Gluck, Harris, and Prado unveiled this attack at the August 2013 Black Hat conference.