Security: URI Obfuscation
Reported by orthonvi...@gmail.com, Jul 20 2017
Issue description

SUMMARY: Typically, when obfuscating a URL, you must trick someone into viewing a website they did not want to view by tempting them with something they are familiar with.

Products affected: Latest version of Chrome on Windows

Steps To Reproduce:
1. We can trick someone into viewing it like this: http://example.com@sample.com
2. This will make the user think they are going to go to example.com, when really they are going to sample.com

Live POC: https://brave.com@secuna.ph/
They thought they would be redirected to brave.com, but the page displays secuna.ph.

I attached a video; make sure to focus your eyes on the URL address.

I have tried the same URL, https://google.com@secuna.ph/, in Mozilla Firefox and Tor Browser, but in both of the browsers it shows a dialogue box which warns the users that it might be a trick to harm the users, but Google Chrome is not showing any warning like that and is directly redirecting the users. (Kindly find the attached images to see how other browsers are warning the victims.)

VERSION
Chrome Version: Version 59.0.3071.115 (Official Build) (64-bit)
Operating System: WINDOWS 8.0

Kindly find the attached video POC. Thanks!
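A defensive check for the pattern described in the report, as an added example that is not part of the original issue: it uses Python's `urllib.parse` to separate the userinfo part of a URL from the host that is actually contacted, and flags userinfo that looks like a domain name. The function name `inspect_url`, the host-like regex and the last three sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: a loose "looks like a DNS name" test (dot-separated labels,
# alphabetic TLD). It is a heuristic, not a full hostname validator.
_HOSTLIKE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def inspect_url(url):
    """Return the host really contacted and whether userinfo imitates a host."""
    parts = urlsplit(url)
    # Everything before the LAST '@' in the authority is userinfo; the host
    # the client connects to is what follows it.
    userinfo, has_userinfo, _ = parts.netloc.rpartition("@")
    # Decode percent-escapes so "example.com%2Flogin" is seen as the user
    # would read it, then keep only the leading token before any delimiter.
    lead = re.split(r"[:@/?#]", unquote(userinfo), maxsplit=1)[0]
    return {
        "host": parts.hostname,
        "userinfo": userinfo if has_userinfo else None,
        "deceptive": bool(has_userinfo and _HOSTLIKE.fullmatch(lead)),
    }


if __name__ == "__main__":
    samples = [
        "http://example.com@sample.com",            # from the report
        "https://brave.com@secuna.ph/",             # from the report
        "https://example.com%2Flogin@sample.com/",  # constructed
        "https://alice:pw@ftp.example.org/",        # constructed, ordinary login
        "https://example.com/",                     # constructed, no userinfo
    ]
    for url in samples:
        result = inspect_url(url)
        flag = "SUSPICIOUS" if result["deceptive"] else "ok"
        print(f"{flag:10} host={result['host']!s:16} userinfo={result['userinfo']!r}")
```

The same test can run in a mail gateway or link-rewriting proxy, where links flagged as `deceptive` are rewritten to show the real host or blocked outright.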
Comment 1 by kerrnel@chromium.org, Jul 20 2017
Status: WontFix (was: Unconfirmed)