Chromium >38 starts to use the Content Security Policy directive reflected-xss. The current directive value is invalid:

The 'reflected-xss' Content Security Policy directive has the invalid value "'block'". Valid values are "allow", "filter", and "block".

Reference

http://www.w3.org/TR/CSP2/#reflected-xss