Chrome Version: 57.0.2952.0/9090.0.0 Falco,Paine and Gnawty
OS: Chrome

What steps will reproduce the problem?
(1)Sign in to user -> Go to chrome://md-settings page
(2)Now click on profile icon under 'People' to navigate to chrome://md-settings/changePicture page -> Try to change picture and observe Browser Crash (Please refer Video)

Expected: Should be able to change Picture for Profile
Actual: Instead Browser Crash is seen 

Below is the Crash Id:
5843601300000000

Stack Trace:
Thread 0 CRASHED [SIGSEGV @ 0x00000000 ] MAGIC SIGNATURE THREAD
Stack Quality96%Show frame trust levels

0x00007f4c00885c51	(chrome -user_manager_base.cc:675)	user_manager::UserManagerBase::NotifyUserImageChanged(user_manager::User const&)
0x00007f4bff8f7d5e	(chrome -user_image_manager_impl.cc:455)	chromeos::UserImageManagerImpl::Job::UpdateUser(std::unique_ptr<user_manager::UserImage, std::default_delete<user_manager::UserImage> >)
0x00007f4bff8f90d7	(chrome -user_image_manager_impl.cc:368)	chromeos::UserImageManagerImpl::Job::SetToDefaultImage(int)
0x00007f4c01a5c34d	(chrome -change_picture_handler.cc:308)	chromeos::settings::ChangePictureHandler::HandleSelectImage(base::ListValue const*)
0x00007f4bff535a41	(chrome -callback.h:85)	content::WebUIImpl::ProcessWebUIMessage(GURL const&, std::string const&, base::ListValue const&)
0x00007f4bff536c8b	(chrome -tuple.h:91)	content::WebUIImpl::OnMessageReceived(IPC::Message const&)
0x00007f4bfe5bbc8e	(chrome -web_contents_impl.cc:682)	content::WebContentsImpl::OnMessageReceived(content::RenderViewHost*, content::RenderFrameHost*, IPC::Message const&)
0x00007f4bff461a77	(chrome -render_view_host_impl.cc:757)	content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&)
0x00007f4bff46f615	(chrome -render_widget_host_impl.cc:514)	content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const&)
0x00007f4bff45deb9	(chrome -render_process_host_impl.cc:2025)	content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&)
0x00007f4c008a35e6	(chrome -ipc_channel_proxy.cc:340)	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
0x00007f4bfe5e103c	(chrome -callback.h:68)	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00007f4bfe5c8de1	(chrome -message_loop.cc:413)	base::MessageLoop::DoWork()
0x00007f4bfe5c9ab2	(chrome -message_pump_libevent.cc:218)	base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
0x00007f4bfff30627	(chrome -run_loop.cc:37)	base::RunLoop::Run()
0x00007f4bffc16c05	(chrome -chrome_browser_main.cc:1974)	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x00007f4bff271c0a	(chrome -browser_main_loop.cc:1086)	content::BrowserMainLoop::RunMainMessageLoopParts()
0x00007f4bff274874	(chrome -browser_main_runner.cc:141)	content::BrowserMainRunnerImpl::Run()
0x00007f4bff26ea9b	(chrome -browser_main.cc:46)	content::BrowserMain(content::MainFunctionParams const&)
0x00007f4bffbb7849	(chrome -content_main_runner.cc:793)	content::ContentMainRunnerImpl::Run()
0x00007f4bffbb64ea	(chrome -content_main.cc:20)	content::ContentMain(content::ContentMainParams const&)
0x00007f4bfe85937a	(chrome -chrome_main.cc:109)	ChromeMain
0x00007f4bfbe54fb5	(libc-2.19.so -libc-start.c:292)	__libc_start_main
0x00007f4bfe859190	(chrome+ 0x01243190)	_start
0x00007ffc0170c747	

This is Regression Issue as same is working fine in 56.0.2924.27/9000.28.0 Beta channel Peppy.

Note:
Issue is not seen in Chrome://settings page

 

Deleted: Actual_BrowserCrash.mp4 4.8 MB

	Actual_BrowserCrash.mp4 4.8 MB View Download

Deleted: Expected_ChangePicture.webm 658 KB

	Expected_ChangePicture.webm 658 KB View Download