After searching web found that Chrome changed its default implementation of X-XSS-Protection to 'X-XSS-Protection: 1; mode=block' (reference)
So the latest solution (and concerning the least change in code) is to disable X-XSS-Protection by sending a value of 0 from the server.
Here is the process how to do it from PHP
This is occured by a webpage displaying HTML that was
POST'd to it, at the time that HTML contains JS event triggers, for example :
<p class="someParagraph" onClick="doTheMagicThing();">
In case you have an iframe, that accepts text like this in a
POST or a forum, and you show that text, as well, thereafter Chrome will issue the error (and successfully block the page), if not you have the
X-XSS-Protection header disabled.
In case you administer the website
In case you’re viewing this message on a website you administer, and it’s occuring at the time usual usage, for example submitting a form, you can inhibit it by including a page header to the POST submission.