VULNERABILITY DETAILS
Its is an open redirect bug which is in Chrome Browser.Browser read the user URL and redirect to the host name present in that URL like if url is URL: https://www.gmail.com it will redirect us to gmail.com. But same is not the case with this URL https://gmail.com%2f@evil.com on copy and pasting this url in the browser it is redirecting to evil.com or any other malicious site without giving any notification the user that you are redirecting to the malicious website.
This is happened in the latest version 

Note:- Could only be bypass if user copy and paste the URL in the browser  or select the url and right click and choose the options Go To this website. But if the same URL is opened in the Internet Explorer or Chrome or Safari it will notifies the user regarding the redirect to which website.

VERSION
Chrome Version:  49.0.2623.112 m (64-bit)
Operating System: Windows 7 Professional,64 bit

REPRODUCTION CASE
POC:- https://gmail.com%2f@evil.com
      https://gmail.com%2f@facebook.com

Note:- Just change the parameter after @

1) copy and paste the url in the browser and it will take it to the malicious site.

Thanks and Regards,
Divya CHawla