CVE 2011-3907

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

See the CVE page on Mitre.org for more details.