Finally chased the bug down this evening: it’s the HTTPS Everywhere plugin, from the Electronic Frontier Foundation. Normally it works quite well, but either it or Tumblr came up with a bug last time one or the other updated.
It was happening for me in both Chrome and Firefox, and stopped when I disabled the plugin.
I submitted a support ticket to Tumblr, just to let them know it’s happening, and it looks like the plug-in folks are already aware of it, since I see a note for it in their bug-tracker. So if that’s a plug-in you like and the recent update starts giving you problems, hopefully it’ll be fixed soon!
(Incidentally it’s a really great plugin, normally. It encrypts your browser traffic so that even if it is intercepted on a network—say, somebody trying to steal your data on an open airport connection—your ID, passwords and data will remain unreadable to them. Unlike most other HTTPS solutions, it’s very easy to use!)