The view-source feature in Google Chrome prior to 16.0.912.63 allows remote malicious users to spoof the URL bar via unspecified vectors.
google chrome