Chrome now protects against "clickjacking," a term used to describe browser-based attacks that trick users into clicking on site buttons or Web forms, with "X-Frame Options." Another IE8-inspired security feature is cross-site scripting protection. The new XSS filter checks for reflective XSS. Adam Barth, a software engineer on the Chrome team, explains:
The XSS filter checks whether a script that's about to run on a Web page is also present in the request that fetched that Web page. If the script is present in the request, that's a strong indication that the Web server might have been tricked into reflecting the script.