Find it and CL did not provide any possible suspect.
Using code search for file "SelectorChecker.cpp" from line #12 and suspecting the below change
Review URL: https://codereview.chromium.org/2588103003

lukasza@ - Observed some recent changes on this file so assigning to you, could you please check if this is caused with respect to your change, if not please help us in reassign the issue to the right owner.

Thanks!

schenney@ - I wonder if I can reassign to you (this is somewhat similar to  issue 675139  or  issue 683650 ).  FWIW, I think that the CL pointed out in #c1 shouldn't cause any behavior change.

Hey schenney@,

Are you working on this? It seems like we could just fail fast on very large numbers.
I attempted to fix something very similar in https://codereview.chromium.org/2191253002/

meade@, I'm not working on this and I agree the best thing is to fail fast when asked to handle big numbers in cases where one normally wouldn't want them.

meade: Ping. Any update here?

Converted label to hotlist

CL up and in progress: https://codereview.chromium.org/2825993002

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/111fffdac5769c2358cd7e1d272529bbcca41700

commit 111fffdac5769c2358cd7e1d272529bbcca41700
Author: meade <meade@chromium.org>
Date: Thu May 11 10:19:16 2017

Prevent integer overflows in ANPlusB handling

BUG= 675112 

Review-Url: https://codereview.chromium.org/2825993002
Cr-Commit-Position: refs/heads/master@{#470899}

[modify] https://crrev.com/111fffdac5769c2358cd7e1d272529bbcca41700/third_party/WebKit/Source/core/css/CSSSelector.cpp
[modify] https://crrev.com/111fffdac5769c2358cd7e1d272529bbcca41700/third_party/WebKit/Source/core/css/CSSSelector.h
[modify] https://crrev.com/111fffdac5769c2358cd7e1d272529bbcca41700/third_party/WebKit/Source/core/css/CSSSelectorTest.cpp
[modify] https://crrev.com/111fffdac5769c2358cd7e1d272529bbcca41700/third_party/WebKit/Source/core/css/parser/CSSSelectorParser.cpp
[modify] https://crrev.com/111fffdac5769c2358cd7e1d272529bbcca41700/third_party/WebKit/Source/core/css/parser/CSSSelectorParserTest.cpp

ClusterFuzz has detected this issue as fixed in range 470772:470990.

Detailed report: https://clusterfuzz.com/testcase?key=5101012777172992

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::CSSSelector::RareData::matchNth
  blink::SelectorChecker::checkPseudoClass
  blink::SelectorChecker::matchSelector
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=433807:433985
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=470772:470990

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5101012777172992


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5101012777172992 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

 Issue 721626  has been merged into this issue.