The vulnerability lies in the way anti-XSS filters handle a specific attribute in IFRAME tags. Exploiting this flaw allows an attacker to bypass the filter and run injected code. The vulnerability is fairly simple to exploit, and a researcher has posted proof-of-concept code. Apple said it is still working on the issue; on the Chrome side, the fix landed in the stable channel with the recent release of version 32. The vulnerability still exists in Safari on Mac and iPhone, however.
Source: https://threatpost.com/xss-filter-bypass-bug-found-in-chrome-and-safari/103761/