TL;DR

I stumbled upon https://www.google.ro/amp/ . Nothing fancy, is it? The issue is that the next element in the path can be any domain, and Google will redirect you to it. This leaves an attacker some room for impersonation, since the endpoint doesn't even check that the target you are being redirected to is a Google service: it is an open redirect on a trusted domain.

Someone could use this to gain higher SEO ranks, to impersonate Google links in emails, or even to trigger popups that Chrome doesn't really block because they come from a google domain.