CHECK failure: false in DOMPluginArray.cpp
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5993441652899840
Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: CHECK failure
Crash Address:
Crash State:
  false in DOMPluginArray.cpp
  blink::DOMPluginArray::item
  blink::V8PluginArray::indexedPropertyGetterCallback
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=481648:481685
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5993441652899840

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 29 2017
Predator and CL did not provide any possible suspects. Using Code Search for the file "DOMPluginArray.cpp", assigning to the concerned owner. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/309a5318b1dac39692ffd771f249b0f7e02e1fe5 @lfg -- Could you please look into the issue; kindly re-assign if this is not related to your changes. Thank You.
Jun 30 2017
I can reproduce; this issue is test-only, a problem in the layout test runner.
Jul 2 2017
Jul 6 2017
ClusterFuzz has detected this issue as fixed in range 484025:484263.

Detailed report: https://clusterfuzz.com/testcase?key=5993441652899840
Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: CHECK failure
Crash Address:
Crash State:
  false in DOMPluginArray.cpp
  blink::DOMPluginArray::item
  blink::V8PluginArray::indexedPropertyGetterCallback
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=481648:481685
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=484025:484263
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5993441652899840

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 6 2017
ClusterFuzz testcase 5993441652899840 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jul 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/18bb1984886aa473f24fefa9b91e4f524a086e45

commit 18bb1984886aa473f24fefa9b91e4f524a086e45
Author: Lucas Furukawa Gadani <lfg@chromium.org>
Date: Thu Jul 06 13:23:24 2017

Fix crash in TestRunner.

When disallowing plugins, TestRunner needs to notify blink so that existing instances of DOMPluginArrays can be invalidated.

Bug: 737933
Change-Id: I42257f458a509159fb196e63cb545aae4dd8ef86
Reviewed-on: https://chromium-review.googlesource.com/558544
Commit-Queue: Lucas Gadani <lfg@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Lukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#484566}

[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/chrome/renderer/content_settings_observer.cc
[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/chrome/renderer/content_settings_observer.h
[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/content/shell/test_runner/mock_content_settings_client.cc
[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/content/shell/test_runner/mock_content_settings_client.h
[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/content/shell/test_runner/test_runner.cc
[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/third_party/WebKit/Source/core/frame/ContentSettingsClient.cpp
[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/third_party/WebKit/Source/core/frame/ContentSettingsClient.h
[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/third_party/WebKit/Source/core/loader/FrameLoader.cpp
[modify] https://crrev.com/18bb1984886aa473f24fefa9b91e4f524a086e45/third_party/WebKit/public/platform/WebContentSettingsClient.h
Comment 1 by ClusterFuzz, Jun 29 2017