Stack-overflow in blink::CSSSelector::SelectorText
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5070721876492288
Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Stack-overflow
Crash Address: 0x7fff57486fe8
Crash State: blink::CSSSelector::SelectorText
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=349651:349657
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5070721876492288
Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 8 2017

May 9 2017
I don't get why I got this assigned, as the commit range for the regression is from a long time ago and totally unrelated to the ":focus-within" change.
Anyway, this is what I've found: the test case only fails in "content_shell" for me, not in "chrome".
It fails in a regular build, no need for ASAN.
The attached example creates a CSS rule like this (with 5000 ".x" instead of 10):
.x .x .x .x .x .x .x .x .x .x { color: red; }
And then we get the stack overflow in a loop processing that information.
I'm attaching the backtrace too.
It'd be nice to verify whether it was working before the range 349651:349657,
and check which commit introduced the issue.
Or maybe this was never working as it's a huge selector, dunno.
From the commit range the most suspicious commit would be the V8 roll:
"Update V8 to version 4.7.59."
https://chromium.googlesource.com/chromium/src/+/708a393f7c9604afec7112b85bb8658e3494fbfc
But again, I'm not sure at all.
May 15 2017

May 15 2017

May 15 2017

May 16 2017

May 16 2017
I suspect this is working as intended.
May 16 2017
The SelectorText() method should not need to be recursive. I've tried to flatten it here: https://chromium-review.googlesource.com/c/506020/
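As an added illustration of the fix described in this comment (not Blink's own code), here is a constructed stand-in for the compound-selector chain with the recursive serializer beside the flattened one; Selector, SelectorChain, BuildChain and the two SelectorText functions are assumed names, and the test case's 5000-compound selector is mirrored by the sizes passed to BuildChain:

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Constructed stand-in for Blink's CSSSelector chain (not Blink's code): each
// compound selector (".x") points at the next one to its right, the way Blink
// reaches the next compound through a TagHistory() pointer.
struct Selector {
  std::string value;              // e.g. ".x"
  const Selector* next = nullptr; // compound selector to the right, if any
};

// Owns every node in one vector so teardown is a flat loop rather than a
// recursive destructor chain that would itself overflow on a huge selector.
struct SelectorChain {
  std::vector<Selector> nodes;
  const Selector* head() const { return nodes.empty() ? nullptr : &nodes[0]; }
};

// Build ".x .x .x ... .x" with `count` compound selectors (the test case used 5000).
SelectorChain BuildChain(size_t count) {
  SelectorChain chain;
  chain.nodes.resize(count, Selector{".x", nullptr});
  for (size_t i = 0; i + 1 < count; ++i) chain.nodes[i].next = &chain.nodes[i + 1];
  return chain;  // moving the vector keeps its buffer, so the next pointers stay valid
}

// Recursive serializer: one stack frame per compound selector, so a selector
// with thousands of ".x" exhausts the stack, which is this bug's crash shape.
std::string SelectorTextRecursive(const Selector* s) {
  if (!s) return "";
  std::string rest = SelectorTextRecursive(s->next);
  return rest.empty() ? s->value : s->value + " " + rest;
}

// Flattened serializer: constant stack usage no matter how long the selector is.
std::string SelectorTextIterative(const Selector* s) {
  std::string out;
  for (; s; s = s->next) {
    if (!out.empty()) out += ' ';
    out += s->value;
  }
  return out;
}

int main() {
  SelectorChain small = BuildChain(10);
  std::printf("%s\n", SelectorTextIterative(small.head()).c_str());
  SelectorChain huge = BuildChain(1000000);  // far past the depth that crashed
  std::printf("%zu bytes\n", SelectorTextIterative(huge.head()).size());
  return 0;
}
```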
May 18 2017
meade@: stole it from you :-/
May 23 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/aa5a95a83839797b36acb9b6e015c8e1ca4f4b58

commit aa5a95a83839797b36acb9b6e015c8e1ca4f4b58
Author: Rune Lillesveen <rune@opera.com>
Date: Tue May 23 18:00:45 2017

Make CSSSelector::SelectorText() non-recursive.

Should fix the stack overflow issue for selectors with an excessive amount of compound selectors.

R=meade@chromium.org
BUG= 719374

Change-Id: I2a1cfb8cb2d00d96f8d46a6e7317c5871020c6cd
Reviewed-on: https://chromium-review.googlesource.com/506020
Reviewed-by: Eddy Mead <meade@chromium.org>
Commit-Queue: Rune Lillesveen <rune@opera.com>
Cr-Commit-Position: refs/heads/master@{#473972}

[modify] https://crrev.com/aa5a95a83839797b36acb9b6e015c8e1ca4f4b58/third_party/WebKit/Source/core/css/CSSSelector.cpp
[modify] https://crrev.com/aa5a95a83839797b36acb9b6e015c8e1ca4f4b58/third_party/WebKit/Source/core/css/CSSSelector.h
May 23 2017

May 24 2017
ClusterFuzz has detected this issue as fixed in range 473937:473999.

Detailed report: https://clusterfuzz.com/testcase?key=5070721876492288
Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Stack-overflow
Crash Address: 0x7fff57486fe8
Crash State: blink::CSSSelector::SelectorText
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=349651:349657
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=473937:473999
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5070721876492288
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by msrchandra@chromium.org, May 8 2017
Labels: M-60 Test-Predator-Wrong
Owner: r...@chromium.org
Status: Assigned (was: Untriaged)