Bisected to 93df094081f04c629c3df2e40318de90ce5e0fb9.

The CL was reverted, so marking as fixed.

I'd like to figure out the cause so that I can re-insert the CL to the tree at a later time...

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 41908:41921.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6133529709903872

Fuzzer: inferno_webbot
Job Type: linux_asan_chrome_v8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000500000007
Crash State:
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::Script::Run
  
Recommended Security Severity: Medium

Regressed: V8: r41888:41904
Fixed: V8: r41908:41921

Minimized Testcase (0.10 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94rkyfP3rYMtCahPsaRLV8CTYHWEfkwIZCAmHaQdd694ejxVeT3Sfwp-8Za4CHXg0wDx3LSncfmpPsfVtHZj6tw0nRjSI5RME-N2JSWEvihADpCa_6AtEyWa5b73Hd7Jl302Lg7XeQClAywDpX5KSGqSB-lEg?testcase_id=6133529709903872
<script>
window.open("http://cfbdatawarehouse.com");
window.location = "http://selectcamp.nl";</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6133529709903872 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot