Breakpoint in blink::FontWeightNeedsResolving
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5916756521779200
Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Breakpoint
Crash Address: 0xabc70540
Crash State:
  blink::FontWeightNeedsResolving
  blink::GetPropertiesNotIn
  blink::EditingStyle::RemoveStyleFromRulesAndContext
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=489314:489347
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5916756521779200

Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Jul 27 2017
Just to update this crash info:

Magic signature:
---------------
'blink::FontWeightNeedsResolving'

Stack trace:
------------
Thread 0 (id: 8488) CRASHED [EXCEPTION_BREAKPOINT @ 0x000007fecdace619 ] MAGIC SIGNATURE THREAD
Stack Quality 78%
0x000007fecdace619 (chrome_child.dll -editingstyle.cpp:1686 ) blink::FontWeightNeedsResolving
0x000007fecdace7f5 (chrome_child.dll -editingstyle.cpp:1714 ) blink::GetPropertiesNotIn
0x000007fecdad00d4 (chrome_child.dll -editingstyle.cpp:1394 ) blink::EditingStyle::RemoveStyleFromRulesAndContext(blink::Element *,blink::ContainerNode *)
0x000007fecdaff4f5 (chrome_child.dll -replaceselectioncommand.cpp:608 ) blink::ReplaceSelectionCommand::RemoveRedundantStylesAndKeepStyleSpanInline(blink::ReplaceSelectionCommand::InsertedNodes &,blink::EditingState *)
0x000007fecdafd2bf (chrome_child.dll -replaceselectioncommand.cpp:1404 ) blink::ReplaceSelectionCommand::DoApply(blink::EditingState *)
0x000007fecdaea012 (chrome_child.dll -compositeeditcommand.cpp:139 ) blink::CompositeEditCommand::Apply()
0x000007fecdadf989 (chrome_child.dll -editorcommand.cpp:978 ) blink::ExecuteInsertHTML
0x000007fecdadecbc (chrome_child.dll -editorcommand.cpp:3025 ) blink::Editor::Command::Execute(WTF::String const &,blink::Event *)
0x000007fecdae5d9b (chrome_child.dll -documentexeccommand.cpp:92 ) blink::Document::execCommand(WTF::String const &,bool,WTF::String const &,blink::ExceptionState &)
0x000007fecd8fc617 (chrome_child.dll -v8document.cpp:3710 ) blink::DocumentV8Internal::execCommandMethod
0x000007fecd8fc6b9 (chrome_child.dll -v8document.cpp:5877 ) blink::V8Document::execCommandMethodCallback(v8::FunctionCallbackInfo<v8::Value> const &)
0x000007fecb66e10f (chrome_child.dll -api-arguments.cc:25 ) v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const &))
0x000007fecb66de55 (chrome_child.dll -builtins-api.cc:112 ) v8::internal::`anonymous namespace'::HandleApiCallHelper<0>
0x000007fecb66dc68 (chrome_child.dll -builtins-api.cc:142 ) v8::internal::Builtin_Impl_HandleApiCall
0x000007fecb66db79 (chrome_child.dll -builtins-api.cc:130 ) v8::internal::Builtin_HandleApiCall(int,v8::internal::Object * *,v8::internal::Isolate *)
0x00000039810047a0
0x000007fecb776e47 (chrome_child.dll -ic.cc:743 ) v8::internal::IC::PatchCache(v8::internal::Handle<v8::internal::Name>,v8::internal::Handle<v8::internal::Object>)
0x0000016402882310

1. This is a top 4 renderer crash seen only on latest Canary-62.0.3167.0 & seeing 38 instances from 32 clients so far.
2. This crash is seen only on Windows OS

Link to the list of builds:
---------------------------
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3AFontWeightNeedsResolving%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Change log:
-----------
https://chromium.googlesource.com/chromium/src/+log/62.0.3166.0..62.0.3167.0?pretty=fuller&n=10000

Since it is regressed recently, adding Release block stable label. Please remove if not required.

drott@ Could you please take a look into this issue. Thanks..!!
Jul 27 2017
Top crash in latest canary- 62.0.3168.0. Please fix/revert ASAP.
Jul 28 2017
ClusterFuzz has detected this issue as fixed in range 489756:489861.

Detailed report: https://clusterfuzz.com/testcase?key=5916756521779200
Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Breakpoint
Crash Address: 0xabc70540
Crash State:
  blink::FontWeightNeedsResolving
  blink::GetPropertiesNotIn
  blink::EditingStyle::RemoveStyleFromRulesAndContext
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=489314:489347
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=489756:489861
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5916756521779200

See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 28 2017
ClusterFuzz testcase 5916756521779200 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jul 28 2017
Reopening this because the CL in question was re-landed. Fix up in https://chromium-review.googlesource.com/c/590368/
Jul 28 2017
Issue 749757 has been merged into this issue.
Jul 28 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/45eda9a363fbb2f1be0acc9819152a4dad73381b

commit 45eda9a363fbb2f1be0acc9819152a4dad73381b
Author: Dominik Röttsches <drott@chromium.org>
Date: Fri Jul 28 11:35:55 2017

Remove FontWeightNeedsResolving assertion again

FontWeightNeedsResolving may receive other CSSValues than CSSIdentifier- or CSSPrimitiveValue, for example CSSInitialValue. For those, the answer needs to be true in this function. Compare to the code before https://chromium-review.googlesource.com/c/589569/

Bug: 749217
Change-Id: I05b71cc12bf9ba0df5c9ce2998369a4b94f75017
Reviewed-on: https://chromium-review.googlesource.com/590368
Reviewed-by: Koji Ishii <kojii@chromium.org>
Commit-Queue: Dominik Röttsches <drott@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490362}

[modify] https://crrev.com/45eda9a363fbb2f1be0acc9819152a4dad73381b/third_party/WebKit/Source/core/editing/EditingStyle.cpp
Jul 28 2017
Comment 1 by msrchandra@chromium.org, Jul 27 2017
Labels: M-62 Test-Predator-Wrong
Owner: drott@chromium.org
Status: Assigned (was: Untriaged)