Bad-cast to blink::WebGLObject from invalid vptr; blink::WebGLProgram::deleteObjectImpl; blink::WebGLSharedObject::detachContextGroup
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5949856401326080

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x25990f494638
Crash State:
  Bad-cast to blink::WebGLObject from invalid vptr
  blink::WebGLProgram::deleteObjectImpl
  blink::WebGLSharedObject::detachContextGroup

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=404473:404506

Minimized Testcase (50.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96iGsON7UH4VX13H-myTKYwJjmvpd9XP2FkKy0H8-OzYXmztH01cPAwt-UoHwM91YR9jE4zwlk3qLjKfbnWvszlI45pVIWvJoxdSeYRwbVT8Ou3LZHZoUOXvPANoqg4IXFpxZhlzSBPFfUy3WfLM-79aXU_cdXT2slKaa1SXK8XAIZPc8Q?testcase_id=5949856401326080

Filer: ochang

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016
Jul 12 2016
Jul 13 2016
inferno@, could you take a look at this? It's similar to https://bugs.chromium.org/p/chromium/issues/detail?id=619377 (#619377)
Jul 14 2016
A friendly reminder that M52 Stable is launching soon! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch by July 15, 5:00 PM PS in order to make it into the desktop Stable final build cut. Thank you!
Jul 15 2016
Can't reproduce this locally; this looks like a VM-only issue. Closing.
Jul 15 2016
Jul 16 2016
ClusterFuzz has detected this issue as fixed in range 405563:405613.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5949856401326080

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x25990f494638
Crash State:
  Bad-cast to blink::WebGLObject from invalid vptr
  blink::WebGLProgram::deleteObjectImpl
  blink::WebGLSharedObject::detachContextGroup

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=404473:404506
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=405563:405613

Minimized Testcase (50.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96iGsON7UH4VX13H-myTKYwJjmvpd9XP2FkKy0H8-OzYXmztH01cPAwt-UoHwM91YR9jE4zwlk3qLjKfbnWvszlI45pVIWvJoxdSeYRwbVT8Ou3LZHZoUOXvPANoqg4IXFpxZhlzSBPFfUy3WfLM-79aXU_cdXT2slKaa1SXK8XAIZPc8Q?testcase_id=5949856401326080

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 22 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Jul 12 2016