This is a duplicate of  issue #603893 . The fix landed in BoringSSL a bit ago but hadn't rolled into Chromium. It will once this lands:
https://codereview.chromium.org/1908753002/

ClusterFuzz has detected this issue as fixed in range 388776:388864.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4756198942834688

Fuzzer: webcrypto_ec_import_key_spki_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  ec_group_new
  ec_group_new_from_data
  EC_GROUP_new_by_curve_name
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=385552:385614
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=388776:388864

Minimized Testcase (0.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97rkALmmpm-mOGyATAsRVPkoq8x7IBbAi4yAuIkLLiEQsAxNGwd_0nORH5I9Q9r2448qL_RM1as-smlsrfBY-sVJuTR8duCEY-ANzhMzbGWnfWuAvnWQTIgxztreohpX_EWN0NhQNpRF9u_WsprmrNgFhs9Zg

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot