graeme_p - 7:13 pm on Feb 17, 2012 (gmt 0)

The original article is better than the one linked above.

[online.wsj.com ]

The researcher's article actually explains it properly:

[webpolicy.org ]

Google was setting a cookie by using Javascript to submit a form, because responses to form submissions are allowed to set cookies. Three other big ad networks were doing the same.

Once a site sets one cookie, it is no longer blocked from setting third party cookies.

That last bit is a shortcoming of Safari. Incidentally, Google have patched this in webkit, so Apple can fix this by merging Google's code!

Incidentally, why on earth did anyone think that allowing Javascript to submit forms was a good idea? Sometimes browser vendors seem to be trying to make CSRF as easy as possible.