Security: Break CORS protection in iframe when accessing top frame with different domain
Reported by
grzegorz...@gmail.com,
Jan 24 2017
Issue description
VULNERABILITY DETAILS
An embedded iframe can move the user to a different page, breaking CORS protection. In detail, CORS protection should prevent an iframe element on a different domain from changing window.location of the top frame. This is one reason safe-frames are used, for example by advertisement companies such as dfp or ADX.
This happens in some RTB houses and it is somehow exploited by attackers who redirect users to phishing pages or to pages with premium SMS subscriptions, encouraging the user to take part in a prize lottery where one of the requirements is to confirm your phone number; by doing that the user is signing up for a premium SMS subscription.
VERSION
Chrome Version: 55.0.2883.95 (64-bit) stable; the problem probably occurs on other versions too. It is also a problem in Firefox and IE.
Operating System: macOS Sierra 10.12; also got it on VirtualBoxed Windows 7 and Windows 10
REPRODUCTION CASE
1. Create an HTML page which contains the following script (page uploaded):
<script type="text/javascript">
top.location.href="http://www.example.com";
</script>
2. Upload the page to some hosting service
3. Create another HTML page which loads the page from step 2 in an iframe.
4. Upload this page to some hosting service on a different domain than the one in step 2
5. Open the page uploaded in step 4 in your browser
6. You should be redirected to www.example.com
7. Working example: http://wziatek.net/test/ embeds in an iframe the page http://gify12345gify.beta.onet.pl/test.html
8. Source page link: view-source:http://gify12345gify.beta.onet.pl/test.html
FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
- no crash, just a redirect
Jan 24 2017
Thanks for the report. As mentioned in Comment 1, this is an intentional part of the web platform, and websites can use iframe sandboxing to prevent it.
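The embedding page from step 3 of the reproduction case, as an added example that is not part of this report or of Chromium, showing the plain iframe that lets the framed document navigate the top window beside a sandboxed one that blocks it; the domains are placeholders.

```html
<!-- Embedder page on https://embedder.example (placeholder domain), framing a
     document from another origin, as in step 3 of the reproduction case. -->

<!-- Weak: no sandbox attribute. Script in the framed document may run
     top.location.href = "..." and navigate this whole tab away. -->
<iframe src="https://third-party.example/widget.html"></iframe>

<!-- Hardened: a sandbox attribute without the allow-top-navigation token.
     Scripts still run inside the frame, but an attempt to set top.location
     is blocked and the browser reports a console error instead of navigating.
     allow-same-origin is deliberately omitted as well: combined with
     allow-scripts it would let a same-origin framed document remove its own
     sandbox attribute. -->
<iframe src="https://third-party.example/widget.html"
        sandbox="allow-scripts"></iframe>

<!-- Compromise for slots that legitimately open a landing page (ad creatives):
     allow-top-navigation-by-user-activation permits the top navigation only in
     response to a user gesture such as a click, never from a script that runs
     on load. -->
<iframe src="https://third-party.example/ad.html"
        sandbox="allow-scripts allow-top-navigation-by-user-activation"></iframe>
```

The blocked navigation is visible during testing as a console error in the embedder page, which is a simple way to check that a third-party slot is actually sandboxed.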
Comment 1 by elawrence@chromium.org, Jan 24 2017