I've experienced pop-ups occurring that go behind. It's not like you don't notice it or anything though. Should this be considered a chrome security flaw? You did, after-all, grant privileges to that site. Revoke and report the site?
I would say yes. Pop-unders should be blocked, and modern browsers work pretty hard to, but it is often viewed as a "low priority" sec issue, and so workarounds are found, ignored, used in the wild, and patched. Here is one implementation, I have seen working versions up to Chrome ~30:
Another serious security issue is when the popunder waits for a while as the parent frame navigates itself to e.g. "java.com", then the child navigates the parent to a malicious drive-by download. This can make it appear to "spoof" a drive-by download. This attack vector has been known and ignored forever (I think Zalewski published about this years back). IE9 and 10 actually do a good job preventing this, but I know it works in most modern browsers.
