Use-of-uninitialized-value in void base::Pickle::WriteBytesStatic<4ul> |
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6269078072459264

Fuzzer: therealholden_worker
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  void base::Pickle::WriteBytesStatic<4ul>
  IPC::ParamTraits<PrintMsg_Print_Params>::Write
  printing::PrintingMessageFilter::OnGetDefaultPrintSettingsReply

Recommended Security Severity: Low

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=440896:440913

Minimized Testcase (0.71 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95HJkoY30WsFHdnsJ-GIQxsDPwlQnIbm8m2cpqOlEUnR8h2UNPRrCRl9rwEKdZHG0L0Ju1IHEe7r-4OCada9IOkec8DAqU_Dun6CCRz1ALWKLrAvnL4AzZdlAcCaZ50QyBGhM9ohVsaMZbp32vQGJfS7IuO5zsApyR0uLIiK98220PJm44vJfb38-Q5eas21JosuUKhtpZUCA2hCFMEp9fDO3uQeD-85uJ8zFfnBSbsw0-EXCn8upIlayDmFJe13Hi43hRFad2vCIBTThLIYCLY5N3irmoUUD_3ST55XuCsX2GNnHohn3lmLts-0g1Nw0slAyXsim_3Z8AE7XwbslR8MeiRe8c2-3MLWxXiypgT-9WJV_k?testcase_id=6269078072459264

<html>
<a href='' id=buttonid rel='noreferrer' target='_blank'><button>Start</button></a>
<body>
<script>
var b = document.getElementById('buttonid');
b.href= location.origin+'/newtab-trh-7507057286953104025_87137502.html'
if (window.eventSender) {
  if (window.testRunner) { testRunner.setCanOpenWindows(); };
  var x = b.offsetParent.offsetLeft + b.offsetLeft + b.offsetWidth / 2;
  var y = b.offsetParent.offsetTop + b.offsetTop + b.offsetHeight / 2;
  eventSender.mouseMoveTo(x,y);
  eventSender.mouseDown();
  eventSender.mouseUp();
  if (window.testRunner) { testRunner.waitUntilDone(); setTimeout('testRunner.notifyDone();',45000); };
};
</script></body>
</html>

Additional requirements: Requires Gestures
Additional requirements: Requires HTTP

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Dec 29 2016
Potentially an easy fix. Going to throw a CL together, but will reassign if it turns out to be more complicated than I thought.
Dec 29 2016
Dec 29 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/4b0414c2f976a361a5058beb148e15e57b962d06

commit 4b0414c2f976a361a5058beb148e15e57b962d06
Author: mbarbella <mbarbella@chromium.org>
Date: Thu Dec 29 22:10:30 2016

Reset all members in PrintSettings::Clear.

BUG= 677395
Review-Url: https://codereview.chromium.org/2602053003
Cr-Commit-Position: refs/heads/master@{#440993}

[modify] https://crrev.com/4b0414c2f976a361a5058beb148e15e57b962d06/printing/print_settings.cc
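The fix above resets every member in PrintSettings::Clear(). The C++ below is an added example, not Chromium's code, modelling why a member that Clear() skips matters once the object is written into an IPC message: the Pickle stand-in, the two Settings structs, WriteParams, kPoison and PoisonBytesLeaked are all hypothetical names chosen for the illustration, and the poison fill stands in for the stale memory that MemorySanitizer reported as uninitialised in the crash state.

```cpp
// Added illustration, not Chromium code. Every name here (Pickle,
// BuggySettings, FixedSettings, WriteParams, kPoison, PoisonBytesLeaked)
// is invented for the example; only the shape of the bug follows the report.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Stand-in for base::Pickle: appends the raw object bytes of a fixed-size
// value, which is what the 4-byte WriteBytesStatic<4ul> in the crash state does.
struct Pickle {
  std::vector<std::uint8_t> data;
  template <typename T>
  void WriteBytesStatic(const T& v) {
    const std::uint8_t* p = reinterpret_cast<const std::uint8_t*>(&v);
    data.insert(data.end(), p, p + sizeof(T));
  }
};

// Pre-fix shape: Clear() resets some members but forgets one, so that member
// keeps whatever the memory held before.
struct BuggySettings {
  std::int32_t dpi;
  std::int32_t copies;
  std::int32_t margin_type;  // never touched by Clear()
  void Clear() {
    dpi = 0;
    copies = 1;
  }
};

// Post-fix shape: Clear() resets every member.
struct FixedSettings {
  std::int32_t dpi;
  std::int32_t copies;
  std::int32_t margin_type;
  void Clear() {
    dpi = 0;
    copies = 1;
    margin_type = 0;
  }
};

// Member-by-member serialisation, the way an IPC ParamTraits<...>::Write does.
template <typename S>
void WriteParams(const S& s, Pickle* out) {
  out->WriteBytesStatic(s.dpi);
  out->WriteBytesStatic(s.copies);
  out->WriteBytesStatic(s.margin_type);
}

// Sentinel standing in for stale heap or stack contents.
constexpr std::uint8_t kPoison = 0xA5;

// Start S from memory filled with kPoison (memcpy into a trivially copyable
// object is well defined, unlike reading a genuinely uninitialised field),
// call Clear(), serialise, and count the poison bytes that reached the
// message. MemorySanitizer tracks this for real; the sentinel makes the leak
// visible without it.
template <typename S>
std::size_t PoisonBytesLeaked() {
  std::uint8_t stale[sizeof(S)];
  std::memset(stale, kPoison, sizeof(stale));
  S s;
  std::memcpy(&s, stale, sizeof(S));
  s.Clear();
  Pickle msg;
  WriteParams(s, &msg);
  std::size_t leaked = 0;
  for (std::uint8_t b : msg.data) {
    if (b == kPoison) ++leaked;
  }
  return leaked;
}

int main() {
  // The buggy shape leaks the 4 bytes of margin_type; the fixed shape leaks none.
  return (PoisonBytesLeaked<BuggySettings>() == 4 &&
          PoisonBytesLeaked<FixedSettings>() == 0) ? 0 : 1;
}
```

Build with any C++11 compiler; main() returns 0 when the buggy shape leaks exactly four bytes (matching the 4-byte write in the crash state) and the fixed shape leaks none. Those four bytes are whatever the sending process last left in that memory, which is why a skipped member in a struct that crosses a process boundary is treated as a memory-disclosure bug even when nothing crashes. The real check after a fix like this is to rerun the MSan job, which is what the ClusterFuzz verification on this issue does; a cheaper local guard is to have the struct's constructor value-initialise every member so that Clear() cannot fall out of sync with the member list.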
Dec 30 2016
ClusterFuzz has detected this issue as fixed in range 440981:441006.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6269078072459264

Fuzzer: therealholden_worker
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash State:
  void base::Pickle::WriteBytesStatic<4ul>
  IPC::ParamTraits<PrintMsg_Print_Params>::Write
  printing::PrintingMessageFilter::OnGetDefaultPrintSettingsReply

Recommended Security Severity: Low

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=440896:440913
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=440981:441006

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 30 2016
ClusterFuzz testcase 6269078072459264 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 30 2016
Jan 9 2017
I'm afraid the panel declined to reward for this as they deemed it very unlikely to be exploitable.
Apr 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Dec 29 2016