
Issue 728318


Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security

(Arbitrary?) code execution via crafted inline base64 pdf inserted into HTML page

Reported by jennycha...@gmail.com, May 31 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1. example js file (https://static.nhentai.net/js/combined.1885135422c4.js)
2. note that there is a section that has a base64 encoded string mimicking a pdf
3. when run, the code will take advantage of the pdf viewer to open popups (but can potentially be used for more malicious actions)

What is the expected behavior?
A quick - almost imperceptible opening/closing of a modal dialog box reading (Chrome PDF Viewer - Please wait..) followed by Popups are created underneath current active window 

What went wrong?
I feel that being able to inject and run code via PDF shouldn't be something that can happen

Did this work before? N/A 

Chrome version: 58.0.3029.110  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

Please let me know if I was just paranoid or not.
 
Attachments: nhentai.js (59.5 KB), decoded.txt (1.8 KB)
For some unknown reason, on www.nhentai.net this will only occur during your first visit. I am not sure why this is (IP address/cookie caching/IDK)

But a more reliable way to see this same mechanism in action is www.kissanime.ru (the same thing should happen every time you click "play" on any selected anime)
(like when you click this http://i.imgur.com/V1muTO5.png)

Another would be http://popunderjs.com/ - the service that I believe both nhentai and kissanime are using and that are actually developing this "exploit"
Components: Internals>Plugins>PDF
This appears to be similar to Issue 618362. 

I believe it's expected that an embedded PDF can run script, but it shouldn't be able to bypass the popup blocker.
In visiting that site (NSFW, btw), I don't see any popups until I click. A click is a user-initiated-action gesture which allows a single popup to open.
Thanks for the reply. I was just concerned that this might be a possible loophole since I did not know that "it's expected that an embedded PDF can run script".

So I am assuming that despite being able to run script, embedded PDF files would not be able to do more (e.g. install extensions & log passwords, etc) - and that indeed this feature is safe?
Status: WontFix (was: Unconfirmed)
Yeah, this is just a PDF file embedded in the page; PDFs can have embedded JavaScript that runs if JavaScript is enabled in the browser. 

In the past, the most interesting thing you could do with JavaScript-embedded in PDF in Chrome was circumvent the popup blocker, but that vector should be closed at this point.
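The comments above describe the mechanism at issue: a PDF embedded inline in a page (here as a base64 string in a JavaScript file) can carry its own JavaScript, which the PDF viewer runs when the document opens. A defender reviewing page sources or proxied responses can detect this pattern statically. The following scanner is an added example written for this page, not code from the Chromium project or from the bug report; the sample PDF and HTML it embeds are constructed, and the marker list (`/OpenAction`, `/JavaScript`, `/JS`, `/AA`, `/Launch`, `/URI`) is my own choice of PDF name objects associated with automatic or scripted actions.

```python
import base64
import binascii
import re

# Constructed sample: a minimal PDF whose catalog has an /OpenAction pointing
# at a JavaScript action, so the viewer runs the script as soon as it loads.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /JavaScript /JS (app.alert('hello');) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign PDF for comparison: no actions of any kind.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"

# PDF name objects that mean "do something automatically" or "run script".
# (Assumed list for this example; extend as needed.)
ACTION_MARKERS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch", b"/URI"]

# base64 of the bytes "%PDF-" always starts with "JVBERi0", so any inline
# PDF, whether in an <embed src="data:..."> or a JS string, begins this way.
B64_PDF_RE = re.compile(r"JVBERi[0-9A-Za-z+/=]{20,}")


def wrap_as_data_uri(pdf_bytes: bytes) -> str:
    """Embed a PDF the way a page might: base64 inside an <embed> data: URI."""
    return '<embed src="data:application/pdf;base64,' + base64.b64encode(pdf_bytes).decode() + '">'


SAMPLE_HTML = wrap_as_data_uri(SAMPLE_PDF)
BENIGN_HTML = wrap_as_data_uri(BENIGN_PDF)


def find_inline_pdfs(text: str):
    """Yield (offset, decoded_bytes) for every base64 blob that decodes to a PDF."""
    found = []
    for m in B64_PDF_RE.finditer(text):
        blob = m.group(0)
        blob += "=" * (-len(blob) % 4)  # restore padding if the author stripped it
        try:
            data = base64.b64decode(blob)
        except (binascii.Error, ValueError):
            continue
        if data.startswith(b"%PDF"):
            found.append((m.start(), data))
    return found


def action_markers(pdf_bytes: bytes):
    """Return the action-related name objects present in the raw PDF bytes."""
    return [mk.decode() for mk in ACTION_MARKERS if mk in pdf_bytes]


def scan(text: str):
    """Report every inline PDF in a page/script and whether it carries actions."""
    report = []
    for offset, data in find_inline_pdfs(text):
        markers = action_markers(data)
        report.append({
            "offset": offset,
            "size": len(data),
            "markers": markers,
            "active": bool(markers),   # True when the PDF can act on its own
        })
    return report


if __name__ == "__main__":
    for label, html in (("sample", SAMPLE_HTML), ("benign", BENIGN_HTML)):
        for entry in scan(html):
            print(label, entry)
```

The check works only on uncompressed PDF syntax: a PDF that stores its catalog in a compressed object stream hides these names from a plain substring search, so a real deployment should inflate `/FlateDecode` streams (or hand the decoded bytes to a proper PDF parser) before classifying. It also only sees base64 that is literally present in the text; a page that assembles the data URI at runtime from fragments has to be inspected in the live DOM or at the network layer instead.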
Comment 6 by sheriffbot@chromium.org (Project Member), Sep 13 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
