Hm. At first I thought this might be related to RVO, sine the following lines look really suspicious:

"""
  NSUserActivity* userActivity = [[aClass performSelector:@selector(alloc)]
      performSelector:@selector(initWithActivityType:)
           withObject:handoff::kChromeHandoffActivityType];
  self.userActivity = base::scoped_nsobject<NSUserActivity>(userActivity);
"""

But I'm pretty sure that works as intended. So the only thing I can think of is that maybe we're misusing Handoff objects, or else the library is over-retaining.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/270e22d3713afcb3fec87282e71ec00e394a2e97

commit 270e22d3713afcb3fec87282e71ec00e394a2e97
Author: erikchen <erikchen@chromium.org>
Date: Fri Jun 16 22:06:04 2017

Minor refactor to HandoffManager.

NSUserActivity were being created, and then wrapped in a temporary
base::scoped_nsobject. Instead, immediately wrap in a base::scoped_nsobject on
creation.

BUG= 733017 

Review-Url: https://codereview.chromium.org/2940193002
Cr-Commit-Position: refs/heads/master@{#480190}

[modify] https://crrev.com/270e22d3713afcb3fec87282e71ec00e394a2e97/components/handoff/handoff_manager.mm

This is probably unrelated, due to the stack trace, but if you're in the AppNap experiment, there's a new NSUserActivity for each renderer: https://cs.chromium.org/chromium/src/content/child/child_thread_impl.h?sq=package:chromium&type=cs&l=289
https://cs.chromium.org/chromium/src/content/common/mac/app_nap_activity.h?sq=package:chromium&dr

I'm no longer seeing this issue, and the AppNap code is no longer there? Coincidence? Maybe we'll never know.