Predator and CL did not provide any possible suspects.
Using Code Search for the file, "web_ui_message_handler.h" assigning to concern owner.

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/9d8cb77dbeb6a4f437ff50b6d0c3f8f40672a0a9

@dpapad -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

+tommycli

I don't seem to have access to the "detailed report" link. Also looking at the linked CL, it seems unlikely to have introduced the issue (in 1st case AllowJavascript() is already called, in 2nd case the code was already calling CallJavascriptFunction).

Is there a longer stack trace available?

ClusterFuzz has detected this issue as fixed in range 489161:489186.

Detailed report: https://clusterfuzz.com/testcase?key=6453832518467584

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  IsJavascriptAllowed(). Cannot CallJavascriptFunction before explicitly allowing 
  content::WebUIMessageHandler::CallJavascriptFunction<base::Value,base::Value,bas
  content::WebUIMessageHandler::FireWebUIListener<base::Value,base::Value,base::Va
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_ipc&range=488146:488166
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_ipc&range=489161:489186

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6453832518467584


See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6453832518467584 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.