Open redirect is a vulnerability which, in my opinion, tends to be overvalued.

I agree with the sentiment. In general users should trust the address bar as the only reliable security indicator. The thing is that it is no longer true in case of Electron. In Electron app we don’t have the address bar, hence the user is unable to confirm to identity of the website. So in this case, it is clearly a severe vulnerability.

Matt Austin (@mattaustin) proved in a tweet that it could actually be exploited to gain a code execution.

source: L