Bad-cast to const blink::WebPasswordCredential from blink::WebCredential;type_converters.cc:87:9
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4975983190343680

Fuzzer: inferno_twister
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x7ffdff04db40
Crash State:
  Bad-cast to const blink::WebPasswordCredential from blink::WebCredential
  type_converters.cc:87:9

Recommended Security Severity: High

Minimized Testcase (0.11 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97bgrppt32_3rkbDAfax3D6hyFuPaeGwz8g8Ucdr0tmPYPPPCU70KkRsGCDkcngC8vfIUU-lkrsCJd6WIfDXntvsTlUUxzpebPgddddmXIP-fCSzlcbwZKn1BrdeoCRRLKcwg8uNt0Vfk3nrx8r7YDi2c9R9g
<script>
navigator.credentials.store(new PasswordCredential({'id': 'name', 'password': 'password' }))
</script>

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 21 2016
Apr 21 2016
Apr 22 2016
This medium+ severity security issue is a regression on trunk. Please fix this asap. If you are unable to look into this soon, please revert your change. - Your friendly ClusterFuzz
May 5 2016
mkwst: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 19 2016
mkwst: Uh oh! This issue is still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 25 2016
This is the same stack as 610646. We just didn't realise we filed it twice. Also verified by https://cluster-fuzz.appspot.com/testcase?key=5743138161557504 since now it does not reproduce on trunk.
May 27 2016
ClusterFuzz has detected this issue as fixed in range 392933:392978.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4975983190343680

Fuzzer: inferno_twister
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x7ffdff04db40
Crash State:
  Bad-cast to const blink::WebPasswordCredential from blink::WebCredential
  type_converters.cc:87:9

Recommended Security Severity: High

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_chrome&range=392933:392978

Minimized Testcase (0.11 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97bgrppt32_3rkbDAfax3D6hyFuPaeGwz8g8Ucdr0tmPYPPPCU70KkRsGCDkcngC8vfIUU-lkrsCJd6WIfDXntvsTlUUxzpebPgddddmXIP-fCSzlcbwZKn1BrdeoCRRLKcwg8uNt0Vfk3nrx8r7YDi2c9R9g
<script>
navigator.credentials.store(new PasswordCredential({'id': 'name', 'password': 'password' }))
</script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Comment 1 by mmoroz@chromium.org, Apr 21 2016
Labels: Pri-1
Owner: mkwst@chromium.org