Version: 53.0.2754.0
OS: All
What steps will reproduce the problem?
1) Start a debug build of Chrome in --site-per-process.
2) Visit http://csreis.github.io/tests/
3) Visit http://csreis.github.io/tests/cross-site-iframe.html
4) Click "Go cross-site (simple)"
5) Update the title of the main frame: javascript:document.title='foo'
We fail the following UpdateTitle DCHECK because the page ID (from the main frame's RVH) says to update the previous NavEntry (since the main frame's RVH doesn't change its page ID in step 4). Using nav_entry_id is correct here.
// Try to find the navigation entry, which might not be the current one.
// For example, it might be from a recently swapped out RFH.
NavigationEntryImpl* entry = controller_.GetEntryWithPageID(
    render_frame_host->GetSiteInstance(), page_id);
// TODO(creis): Switch to use this as the default.
NavigationEntryImpl* new_entry = controller_.GetEntryWithUniqueID(
    static_cast<RenderFrameHostImpl*>(render_frame_host)->nav_entry_id());
DCHECK_EQ(entry, new_entry);
This accounts for about half of the crashes in issue 614310, since it explains the reason that nav_entry_id and page_id don't agree in OOPIF-enabled modes like --isolate-extensions and --site-per-process. (We can't rely on page ID in those modes, since it can't keep track of commits in other processes. That's the reason we're removing it in issue 369661.)
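The divergence described above, as an added simplified model written for this report rather than Chromium's own code: each frame host carries a per-RVH page ID that advances only when that host commits, while a controller-wide nav_entry_id is pushed to every frame host on any commit (both behaviours are assumptions of the model); after the subframe commits cross-site, the two lookups the DCHECK compares resolve to different entries.

```cpp
// Simplified model (added example, not Chromium code) of why a per-RVH page ID
// cannot identify the current NavigationEntry once a subframe commits in another
// process, while a controller-wide nav_entry_id can.
#include <cstdint>
#include <utility>
#include <vector>
struct SiteInstance { int id; };
struct NavEntry {
  const SiteInstance* site_instance;  // process that reported the commit
  int32_t page_id;                    // that process's per-RVH counter
  int unique_id;                      // controller-wide, never reused
};
struct FrameHost {
  const SiteInstance* site_instance;
  int32_t page_id = 0;     // advances only when this RVH itself commits
  int nav_entry_id = 0;    // last entry committed anywhere in the frame tree
};
class Controller {
 public:
  // Assumption: every frame host learns the new entry id on any commit,
  // but only the committing frame host's page ID advances.
  void Commit(FrameHost& frame, std::vector<FrameHost*> tree) {
    entries_.push_back({frame.site_instance, ++frame.page_id, ++next_id_});
    for (FrameHost* f : tree) f->nav_entry_id = next_id_;
  }
  const NavEntry* GetEntryWithPageID(const SiteInstance* si, int32_t page_id) const {
    for (auto it = entries_.rbegin(); it != entries_.rend(); ++it)
      if (it->site_instance == si && it->page_id == page_id) return &*it;
    return nullptr;
  }
  const NavEntry* GetEntryWithUniqueID(int id) const {
    for (const NavEntry& e : entries_) if (e.unique_id == id) return &e;
    return nullptr;
  }
 private:
  std::vector<NavEntry> entries_;
  int next_id_ = 0;
};
// Steps 2-5 of the report: main frame commits in site A, the subframe commits
// cross-site in B, then the main frame updates its title. Returns {entry found
// by page_id, entry found by nav_entry_id}.
std::pair<int, int> TitleUpdateLookups() {
  SiteInstance a{1}, b{2};
  FrameHost main_frame{&a}, subframe{&b};
  Controller c;
  c.Commit(main_frame, {&main_frame, &subframe});  // entry 1: cross-site-iframe.html
  c.Commit(subframe, {&main_frame, &subframe});    // entry 2: "Go cross-site (simple)"
  const NavEntry* by_page = c.GetEntryWithPageID(main_frame.site_instance, main_frame.page_id);
  const NavEntry* by_id = c.GetEntryWithUniqueID(main_frame.nav_entry_id);
  return {by_page->unique_id, by_id->unique_id};  // {1, 2}: the DCHECK_EQ would fire
}
```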
Strangely, there was another set of crashes in issue 614310 in default mode when OOPIFs aren't possible, so we'll need to track down that difference as well.
Comment 1 by bugdroid1@chromium.org, Jun 2 2016