what bothers me the most tbh is Chrome that doesn't have any serious JS and/or cross site scripting protection... there was something, experimental feature found in about:flags, called "XSS auditor", it's not there anymore in the last dev version. They may have fully integrated it but I don't see it in the change log, and there's no new option in the UI.