This repros for me on Linux, so I assume this affects all platforms.

guidou@: Are you aware of any changes to the intended behavior of handling video capture from pop-up windows?

I will do a bisect to narrow down the commit-range.

Bisect delivered the following commit range:
https://chromium.googlesource.com/chromium/src/+log/93ccede540fea5eab25f65c15bc284a5c2c2dfbf..4808673d8daf77d882a14591d103a052c92a430f

Out of the 4 CLs in that range, it appears that the relevant one is
https://chromium.googlesource.com/chromium/src/+/dfa8b4938091b9500dc5a5ac2835b95f4e24ec04

The question now is, does the change in the behavior as observed and reported here match the change intended with this CL.

raymes@: Please provide input on this.

Humm..that's unfortunate. 

laforge: Let me know what you think we should do here. This change actually brought us in-line with the behavior of other permissions on the web in terms of not being allowed on about:blank pages. However that behavior is questionable and this is technically an unintended regression. It's unclear how many sites this will impact. I have a very simple fix which reverts part of the code that broke this: https://chromium-review.googlesource.com/c/569544 . How likely is it that we would merge this to M60?

Also +bustmante who is desktop owner for M60.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/16d3c419f2ce2085ae70f9052a82464adc7b5b72

commit 16d3c419f2ce2085ae70f9052a82464adc7b5b72
Author: Raymes Khoury <raymes@chromium.org>
Date: Thu Jul 13 06:16:23 2017

Allow webrtc requests to be made from about:blank URLs that are secure contexts

https://codereview.chromium.org/2880503002 added checks to
PermissionContextBase::GetPermissionStatus that ensured that the
embedding origin was secure if the permission required a secure context.
The problem is that in the case of about:blank URLs, the browser does
not know if they are secure or not. They may be secure contexts (from
the perspective of blink) if opened and modified by a secure context.

This change caused media permissions to stop working from about:blank
URLs so it is removed. There are still renderer-side checks which ensure
that the current context is secure before permitting media access. In
the long term we should unify the browser/renderer-side secure context
checks.

BUG= 740540 

Change-Id: Iff319f62284f9d22ca54706526b2747a73477e86
Reviewed-on: https://chromium-review.googlesource.com/569544
Reviewed-by: Timothy Loh <timloh@chromium.org>
Commit-Queue: Raymes Khoury <raymes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#486288}
[modify] https://crrev.com/16d3c419f2ce2085ae70f9052a82464adc7b5b72/chrome/browser/media/webrtc/media_stream_device_permission_context_unittest.cc
[modify] https://crrev.com/16d3c419f2ce2085ae70f9052a82464adc7b5b72/chrome/browser/permissions/permission_context_base.cc

It's a bit late in the cycle for 60, but is probably worth asking for given the potential for breaking existing sites.

This still isn't in Canary but adding Merge-Request-60 to give release owners a heads up and get their opinion on whether to merge. Again I'm not sure how many sites are affected, probably only small number and if we need to wait until 61 it might be ok. 

This bug requires manual review: We are only 10 days from stable.
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Recommendation is to wait until M61. This does not meet the bar for M60, since we are less than 2 weeks away from M60 Stable promotion. 

In that case marking as fixed. This will be "broken" for 1 release, although to be honest it's not completely clear that we should allow these requests anyway give the current UI of about:blank.

Based on more discussion about this in https://bugs.chromium.org/p/chromium/issues/detail?id=742049 I've decided to revert the patch we landed here.

I'm going to let the behavior that we released in M60 stand, which is that mic/camera requests from about:blank origins will fail. The reasons being:
1) It's consistent with the behavior of other permissions
2) It's potentially confusing/misleading for a user granting permission because the origin displayed in the omnibox is "about:blank".

If the behavior is changed such that document.write triggers a navigation and the URL in omnibox is updated to reflect the origin, then it would be more acceptable to allow permission requests to occur.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/11a66767dd7c9cd51bd53ec85fa06ad3ec5e5cc8

commit 11a66767dd7c9cd51bd53ec85fa06ad3ec5e5cc8
Author: Raymes Khoury <raymes@chromium.org>
Date: Tue Jul 18 00:55:44 2017

Revert "Allow webrtc requests to be made from about:blank URLs that are secure contexts"

This reverts commit 16d3c419f2ce2085ae70f9052a82464adc7b5b72.

Based on more discussion about this in https://bugs.chromium.org/p/chromium/issues/detail?id=742049 I've decided to revert the patch we landed here.

I'm going to let the behavior that we released in M60 stand, which is that mic/camera requests from about:blank origins will fail. The reasons being:
1) It's consistent with the behavior of other permissions
2) It's potentially confusing/misleading for a user granting permission because the origin displayed in the omnibox is "about:blank".

If the behavior is changed such that document.write triggers a navigation and the URL in omnibox is updated to reflect the origin, then it would be more acceptable to allow permission requests to occur.

Original change's description:
> Allow webrtc requests to be made from about:blank URLs that are secure contexts
> 
> https://codereview.chromium.org/2880503002 added checks to
> PermissionContextBase::GetPermissionStatus that ensured that the
> embedding origin was secure if the permission required a secure context.
> The problem is that in the case of about:blank URLs, the browser does
> not know if they are secure or not. They may be secure contexts (from
> the perspective of blink) if opened and modified by a secure context.
> 
> This change caused media permissions to stop working from about:blank
> URLs so it is removed. There are still renderer-side checks which ensure
> that the current context is secure before permitting media access. In
> the long term we should unify the browser/renderer-side secure context
> checks.
> 
> BUG= 740540 
> 
> Change-Id: Iff319f62284f9d22ca54706526b2747a73477e86
> Reviewed-on: https://chromium-review.googlesource.com/569544
> Reviewed-by: Timothy Loh <timloh@chromium.org>
> Commit-Queue: Raymes Khoury <raymes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#486288}

TBR=raymes@chromium.org,timloh@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  740540 
Change-Id: I55be050873745910e282be420d4ac8030a2d141f
Reviewed-on: https://chromium-review.googlesource.com/572479
Reviewed-by: Raymes Khoury <raymes@chromium.org>
Commit-Queue: Raymes Khoury <raymes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487325}
[modify] https://crrev.com/11a66767dd7c9cd51bd53ec85fa06ad3ec5e5cc8/chrome/browser/media/webrtc/media_stream_device_permission_context_unittest.cc
[modify] https://crrev.com/11a66767dd7c9cd51bd53ec85fa06ad3ec5e5cc8/chrome/browser/permissions/permission_context_base.cc