Related to issue 629377 . There's some limited checks now, but it would be much better if this was a typemap: then an invalid message would (or it should) result in killing the process sending the browser process the bad data, as well as closing the message pipe. From a security perspective, this is much better than keeping a process sending us invalid data alive.
Comment 1 by mfo...@chromium.org
, Aug 25 2016