Through code search on file interface_registry.cc, suspected CL is one of the below two.

https://chromium.googlesource.com/chromium/src/+/8366b12610e369c46f257ea8d7ee6bf7a381d590%5E%21/services/shell/public/cpp/lib/interface_registry.cc

https://chromium.googlesource.com/chromium/src/+/60874c038aadb97965e681773c39899e025442a6%5E%21/services/shell/public/cpp/lib/interface_registry.cc

ben@, could you please take a look and help us to find correct owner if it is not related your changes.

ClusterFuzz has detected this issue as fixed in range 421498:421508.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4647671132585984

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::operator+
  blink::LocalDOMWindow::resizeBy
  blink::DOMWindowV8Internal::resizeByMethodCallback
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=421498:421508

Minimized Testcase (7.39 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97s-T4lBSgfw7bCjVa0FL1JQ3S2Ajx65trQW87JwnS4IT_NoPwYtni_Ekl0zVOE4nq1Qp_i_ARrhdlQ8ts1_w3tHGzkTe5yy5CKfT2X_zwNbZbgbDZZzrhhoSJVGffuIgnAw8-sCesSbpKoIc4GeRwB_TRNWw?testcase_id=4647671132585984

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot