If you click on the Post on the top right, then drop an image onto the box, Facebook will fail to recognize it as an image and tries to read it as a link. This is not the main point though.
The weird part is that it knows what the fullpath is.
This shouldn't be happening since Chrome is sandboxed, and every path, in theory, should be changed to "fakepath" for security reasons.
Somehow Facebook managed to do that. But the question is, how?