And here are more crashes: 
Crash ID: crash/00b9a65b00000000
Crash ID: crash/f95414cb00000000

I believe this is related to the fact I'm calling getPhotoCapabilities as when commenting out the line, I don't crash.

FYI, Adding a small timeout of 500ms before calling getPhotoCapabilities doesn't crash. If the timeout is about 200ms, it still crashes.

https://crash.corp.google.com/browse?q=stable_signature%3D%27content%3A%3AVideoCaptureManager%3A%3AOnDeviceStarted-7c854294%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:15,+magicsignature,filepath,magicsignature2,operatingsystem,osversion,stablesignature2
is the crash search for this (only friends&family so far)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/124fafd9aae60044673495b39a775a931cbdf90e

commit 124fafd9aae60044673495b39a775a931cbdf90e
Author: mcasas <mcasas@chromium.org>
Date: Thu Oct 13 17:13:04 2016

VideoCaptureManager: handle case when GetDeviceEntryBySessionId is null

VCM's l.553 uses GetDeviceEntryBySessionId(request->first) without
checking the result, that could be null, and is, speculatively, the
root cause of the crashes linked in the bug.

BUG= 655522 

Review-Url: https://codereview.chromium.org/2419613003
Cr-Commit-Position: refs/heads/master@{#425072}

[modify] https://crrev.com/124fafd9aae60044673495b39a775a931cbdf90e/content/browser/renderer_host/media/video_capture_manager.cc

For repro, this needs at least 2 cameras connected and recognised.
Tentatively fixed by #6, to verify.

I'm waiting for the next CrOs Dev channel release to 
verify this bug (currently is 55.0.2883.17, should
move soon).

 Issue 657323  has been merged into this issue.

ot fixed, reproducible  using the instructions in  https://crbug.com/657323 :

What steps will reproduce the problem?
(1) Go to https://beaufortfrancois.github.io/sandbox/image-capture/get-photo-capabilities-crash.html (getUserMedia)
(2) Hit "Reload" button multiple times 
(3) It works fine
(4) Go to https://beaufortfrancois.github.io/sandbox/image-capture/get-photo-capabilities-crash.html?ImageCapture (getUserMedia + new ImageCapture)
(5) Hit "Reload" button multiple times 
(6) It works fine
(7) Go to https://beaufortfrancois.github.io/sandbox/image-capture/get-photo-capabilities-crash.html?ImageCapture&getPhotoCapabilities (getUserMedia + new ImageCapture + getPhotoCapabilities)
(8) Hit "Reload" button multiple times 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6a76be1ce16df264f18a66359177f91f2959fe77

commit 6a76be1ce16df264f18a66359177f91f2959fe77
Author: mcasas <mcasas@chromium.org>
Date: Fri Oct 21 04:30:15 2016

ImageCapture: fix using invalidated iterator after removing entry from |photo_request_queue_|

This CL avoids preincrementing a potentially invalidated iterator
after it has been erase()d from |photo_request_queue_|. It caused
the crash detailed in the bug.

BUG= 655522 
TEST= see bug, I could repro in a Linux dev debug build.

Review-Url: https://chromiumcodereview.appspot.com/2443473002
Cr-Commit-Position: refs/heads/master@{#426728}

[modify] https://crrev.com/6a76be1ce16df264f18a66359177f91f2959fe77/content/browser/renderer_host/media/video_capture_manager.cc

Preventively marking as Fixed, since I could 
repro consistently.

fbeaufort@ or myself should verify in the next
CrOs Canary

[bulk-edit : please ignore if not applicable]

Could you please set the correct milestone for this issue?