UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 UBrowser/6.1.2015.1007 Safari/537.36

Steps to reproduce the problem:
1. open the crome browser and go to gmail.com@facebook.com
2. now it will be redirected to the facebook.com and leads to the open redirecion,this is because no browser security implementation in the chrome browser and with this many websites are vulnerable to this type of attack 

What is the expected behavior?

What went wrong?
scenario

1.lets take a website as http://test.com/cD.do?targetURL=https://google.com
2.and the website is using some mechanism and it doesnot redirect into the google.com and shows as http://test.comhttps://google.com
3.now if we keep @google.com in the targetURL=@google.com
now it will be redirected to the google.com in between this the url will be converted like test.com@google.com,here any website after "@"is treated as actual website and this leads to open redirection
4.as like protection for xss their should be some security implementation for open redirection also in the chrome browser

5.for the clear understanding i have found a website to show the redirection 

Did this work before? N/A 

Chrome version: 57.0.2987.133  Channel: n/a
OS Version: 10.0
Flash Version:
 

Deleted: chrome open redirection .mp4 1.3 MB

	chrome open redirection .mp4 1.3 MB View Download