Predator and CL did not provide any possible suspects.
Using Code Search for the file, "SimplifiedBackwardsTextIterator.cpp" assigning to the related owner.

@xiaochengh -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Lower to Pri-3, since this is happend with unusual HTML, e.g. SVG element contains
HTML elements.

ExpandToParagraphBoundary() call in CalculateHotModeCheckingRange() "HotModeSpellCheckRequester.cpp" returns wrong range.

This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 552588:552589.

Detailed report: https://clusterfuzz.com/testcase?key=6157056561381376

Fuzzer: bj_broddelwerk
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  static_cast<unsigned>(text_offset_ + text_length_) <= text.length() in Simplifie
  blink::SimplifiedBackwardsTextIteratorAlgorithm<blink::EditingAlgorithm<blink::N
  blink::SimplifiedBackwardsTextIteratorAlgorithm<blink::EditingAlgorithm<blink::N
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=467851:467953
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=552588:552589

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6157056561381376

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6157056561381376 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.