VULNERABILITY DETAILS
The search box or URL box in the Chrome browser is rendering the XSS payloads entered this behavior can be seen as Cross-site Scripting vulnerability. The issue is also rendering the payload which is saved as a bookmark in the browser please find the POC screenshots attached.  

VERSION
Chrome Version: Version 61.0.3163.100 (Official Build) (64-bit)
Operating System: Microsoft Windows 10 Pro Version:10.0.15063 Build 15063 

REPRODUCTION CASE
Please follow the below steps to reproduce the issue
1) Open Chrome Browser
2) Change Default Search Engine as Google in Settings
3) Enter the payload javascript:alert(document.domain) in the search/URL box
                              or
   Save payload as the URL link in the bookmark option which is shown below in 
   POC screenshot
4) Press Enter to render the payload in the browser
                              or
   Click on the tab which is saved as a bookmark to render the payload.



 

Deleted: Google Chrome XSS 1.JPG 69.5 KB

	Google Chrome XSS 1.JPG 69.5 KB View Download

Deleted: Google Chrome XSS 2.JPG 74.6 KB

	Google Chrome XSS 2.JPG 74.6 KB View Download

Deleted: Google Chrome XSS 3.JPG 72.3 KB

	Google Chrome XSS 3.JPG 72.3 KB View Download

Deleted: Google Chrome XSS 4.JPG 73.5 KB

	Google Chrome XSS 4.JPG 73.5 KB View Download

Deleted: Google Chrome XSS 5.JPG 79.0 KB

	Google Chrome XSS 5.JPG 79.0 KB View Download

Deleted: Google Chrome XSS 6.JPG 103 KB

	Google Chrome XSS 6.JPG 103 KB View Download