"The 4.0.207.0 release uses a reflective XSS filter
that checks each script before it executes to check if the script
appears in the request that generated the page. Should it find a match,
the script will be blocked. According to Chromium developer Adam Barth,
the developers plan to post an academic paper that will describe the
new filter in further detail at a later time." – H-Online
However the folks at the slackers forum are already breaking it. While not totally rock solid still a step in the right direction.
