All three browsers check the address of the top-level page a user is navigating to. That protects most users in most cases. However, a web page can include content from another web page, and if the included content is malicious, users may be exposed. Chrome (and Safari*) check every request against Google's malware list. This means those browsers will protect users even if malicious content from a flagged page is embedded on a non-flagged page.
Although that approach provides better protection for users, it may be confusing for webmasters if content on their site comes from another site. Some users (those with Chrome or Safari) will get warnings even though the webmaster's site is not blacklisted. Because the webmaster's site isn't blacklisted, they won't be able to request a malware review via Google's Webmaster Tools. Fortunately, this situation usually doesn't exist for very long. Google's scanners have already identified the embedded content as malicious, but they haven't yet flagged the webmaster's site that includes the dangerous content. As they continue to crawl the internet, the scanners will quickly flag the webmaster's site.
If you're a webmaster in this situation, you'll need to examine all the content you're including from other websites. Look carefully at the warning page that browsers display since it usually includes the name of the domain that caused the problem.
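One way to start that examination is to list every other host your page pulls content from. The script below is an added example, not code from Google or any browser; the page URL, the sample HTML and the helper names are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute can make the browser fetch content with the page.
# Plain <a href> links are left out: they are not loaded until clicked.
EMBEDDING_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                   "img": "src", "embed": "src", "object": "data",
                   "link": "href"}

class EmbedCollector(HTMLParser):
    """Groups embedded resources by host, skipping the page's own host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.external = defaultdict(list)  # host -> [(tag, absolute URL)]

    def handle_starttag(self, tag, attrs):
        attr = EMBEDDING_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # urljoin resolves relative paths and scheme-relative //host/ URLs.
        url = urljoin(self.page_url, value.strip())
        host = urlparse(url).hostname  # lower-cased; None for data: URIs
        if host and host != self.page_host:
            self.external[host].append((tag, url))

def external_embeds(page_url, html):
    """Return {host: [(tag, url), ...]} for content loaded from other hosts."""
    collector = EmbedCollector(page_url)
    collector.feed(html)
    return dict(collector.external)

# Constructed sample page; in practice, read your own saved page source.
SAMPLE_URL = "http://www.example.com/index.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//widgets.example.net/counter.js"></script>
</head><body><img src="images/logo.png">
<iframe src="http://ads.example.org/banner.html" width="1" height="1"></iframe>
<script src="http://WWW.example.com/js/main.js"></script>
<a href="http://other.example.org/">plain link, not fetched</a>
</body></html>"""

if __name__ == "__main__":
    for host, items in sorted(external_embeds(SAMPLE_URL, SAMPLE_HTML).items()):
        print(host, items)
```

This only sees what is in the static HTML; anything a script adds after the page loads will not appear in the list, so compare the result with the domain named on the browser's warning page.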
* I can't say for certain exactly how Safari behaves because I haven't seen the code. But based on observation, Safari seems to have adopted the approach of checking every request.
Updated: FF3.5 checks every request against the blacklist and helps better protect users. FF3.5, Chrome and Safari all behave the same now.