i < size() in Vector.h
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5856840278867968
Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_cfi_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  i < size() in Vector.h
  blink::CSSValueList::item
  blink::TransformBuilder::createTransformOperations
Sanitizer: cfi (CFI)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=445271:445954
Minimized Testcase (5.78 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96yyJOFlD5_5SKlB7usI3kNcsZCfzSiLv3fD-K0mYgpP7ARtMBl9Uc2Ax7BS3Io8SQZVqOHP2Vw6LU5gEsSeEg8ooInLXvWqoexkYyUVmQUwZ339fweMTqCJX3nR6FvbhdxcMlpeDNZ-3AGW977Q7gAcIhtNpqeB__eqS-vINtoR_XRHXsyoqlS4BX90Ifb2L_qgTMqALP3sjxTW9xVsnsvwIZeXNpel8xHdboSEN2b7XKam7bQMXN2P3cg6NzzH_CIjgB79MhjTQ8jjW-Pp0FLz1u9GTXyqdJOmaUyuztYbtlRL6El949SO7UxJEiGVW9ptTYDiBFAQMqljKuVFXO0lIXtHASW1valU176QlIWRI9rBZw?testcase_id=5856840278867968

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 27 2017
Even this issue looks similar to issue 681356. meade@: Could you please take a look into this if it's related to your change. Assigned referring to issue 681356. Feel free to dupe it if it's the same. Currently it's impacting the head.
Feb 1 2017
ClusterFuzz has detected this issue as fixed in range 447209:447221.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5856840278867968
Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_cfi_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  i < size() in Vector.h
  blink::CSSValueList::item
  blink::TransformBuilder::createTransformOperations
Sanitizer: cfi (CFI)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=445271:445954
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=447209:447221
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96yyJOFlD5_5SKlB7usI3kNcsZCfzSiLv3fD-K0mYgpP7ARtMBl9Uc2Ax7BS3Io8SQZVqOHP2Vw6LU5gEsSeEg8ooInLXvWqoexkYyUVmQUwZ339fweMTqCJX3nR6FvbhdxcMlpeDNZ-3AGW977Q7gAcIhtNpqeB__eqS-vINtoR_XRHXsyoqlS4BX90Ifb2L_qgTMqALP3sjxTW9xVsnsvwIZeXNpel8xHdboSEN2b7XKam7bQMXN2P3cg6NzzH_CIjgB79MhjTQ8jjW-Pp0FLz1u9GTXyqdJOmaUyuztYbtlRL6El949SO7UxJEiGVW9ptTYDiBFAQMqljKuVFXO0lIXtHASW1valU176QlIWRI9rBZw?testcase_id=5856840278867968

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 1 2017
ClusterFuzz testcase 5856840278867968 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by tkent@chromium.org, Jan 27 2017