I've seen that happen before to a workmate.
Removing the font and re-installing solved the issue.
If you need assistance removing fonts from OSX and reinstalling follow this link
EDIT:
To clear the current user’s font cache, first quit all running applications (otherwise, you may see font oddities after using the command), then open Terminal (in Applications -> Utilities) and run this command:
atsutil databases -removeUser
If you want to remove the font cache for all users, use this command, and provide your admin password when asked:
sudo atsutil databases -remove
Once you’ve cleared the caches, you should stop and restart the ATS server with these commands:
$ atsutil server -shutdown
$ atsutil server -ping
It will take a second or two for the server to restart, but when it does, you should be good to go. If anything still looks odd, a logout and login should take care of any lingering issues.
credit: http://www.macworld.com/article/1139383/fontcacheclear.html
Methods Endorsed by Chrome Apps
Use templating libraries
Use a library that offers precompiled templates and you’re all set. You can still use a library that doesn’t offer precompilation, but it will require some work on your part and there are restrictions.
You will need to use sandboxing to isolate any content that you want to do ‘eval’ things to. Sandboxing lifts CSP on the content that you specify.
Sandbox local content
Sandboxing allows specified pages to be served in a sandboxed, unique origin. These pages are then exempt from their Content Security Policy. Sandboxed pages can use iframes, inline scripting, and eval() (and the last two are the ones being prevented). That'll fix 'unsafe-inline' and 'unsafe-eval'.
- Use inline scripts in sandbox
- Include sandbox in manifest
Access remote resources
You can fetch remote resources via XMLHttpRequest and serve them via blob:, data:, or filesystem: URLs. This should fix the jQuery fetching issue.
Manifest requirement
To be able to do cross-origin XMLHttpRequests
, you'll need to add a permission for the remote URL's host.
Cross-origin XMLHttpRequest
Fetch the remote URL into the app and serve its contents as a blob:
URL.
I don't think you can do any of these. To fix the unsafe-eval
and unsafe-inline
response headers, only the script owner can fix the code or if it's in public domain, you can fix it. All this is probably a one-time fix.
Hacks
UnsafeWindow
http://wiki.greasespot.net/UnsafeWindow
Content Script Injection
http://wiki.greasespot.net/Content_Script_Injection
The hacks however have downsides because they've known to cause security holes atleast the first one, definitely.
Best Answer
Chrome doesn't do this automatically. Check your extensions and disable the one which does this. If you aren't sure, edit your question to include he list of extensions installed