CHECK failure: IsJavascriptAllowed(). Cannot CallJavascriptFunction before explicitly allowing
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6112579918495744
Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows
Crash Type: CHECK failure
Crash Address:
Crash State:
  IsJavascriptAllowed(). Cannot CallJavascriptFunction before explicitly allowing
  content::WebUIMessageHandler::CallJavascriptFunction<base::Value,base::Value,bas
  content::WebUIMessageHandler::FireWebUIListener<base::Value,base::Value,base::Va
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_ipc&range=488146:488166
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6112579918495744
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Jul 28 2017
Test case is in print preview handler. Maybe rbpotter knows something about this.
Jul 28 2017
This is due to some changes I made which changed PrintPreviewHandler to use FireWebUIListener/ResolveJavascriptCallback instead of CallJavascriptFunctionUnsafe. Just looked at a similar case in https://crbug.com/747061 (the CHECK that broke there was preventing the IsJavascriptAllowed() CHECK from being reached). Apparently need to expand on the fix for that to kill the renderer any time we receive a message we are not expecting in Print Preview Handler.
Aug 11 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/eb46aa931c70f5e0062149375b0f6cbb71fcffa3

commit eb46aa931c70f5e0062149375b0f6cbb71fcffa3
Author: rbpotter <rbpotter@chromium.org>
Date: Fri Aug 11 22:32:54 2017

Print Preview: Check for bad conditions before firing WebUI event

Many print preview WebUI events and Javascript callback resolutions/rejections
are triggered by IPC messages from the renderer. In these cases, add checks
that javascript is allowed and that the preview is in the expected state prior
to calling Javascript. Kill the renderer if the check fails.

Bug: 749475
Change-Id: I963c1f08d0cc8f8efd6a12edcea1e46815679bc9
Reviewed-on: https://chromium-review.googlesource.com/606891
Reviewed-by: Demetrios Papadopoulos (OOO till Sept 11th) <dpapad@chromium.org>
Commit-Queue: Rebekah Potter <rbpotter@chromium.org>
Cr-Commit-Position: refs/heads/master@{#493870}

[modify] https://crrev.com/eb46aa931c70f5e0062149375b0f6cbb71fcffa3/chrome/browser/ui/webui/print_preview/print_preview_handler.cc
[modify] https://crrev.com/eb46aa931c70f5e0062149375b0f6cbb71fcffa3/chrome/browser/ui/webui/print_preview/print_preview_handler.h
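As an added illustration of the pattern the commit above describes (this is example code written for this page, not Chromium's code and not part of the bug thread), the following self-contained C++ model shows a browser-side WebUI handler validating an IPC message from an untrusted renderer before it calls into page JavaScript. All names here are hypothetical stand-ins: FakeRendererHost::ReportBadMessage models terminating the renderer, PreviewHandlerModel stands in for the real PrintPreviewHandler, and the "print-preview-ready" event and request ids are constructed sample values.

```cpp
// Added example, not Chromium code: a simplified model of "check JavaScript is
// allowed and the preview is in the expected state before firing a WebUI
// event; kill the renderer if the check fails". A CHECK inside
// FireWebUIListener would take down the browser process on an unexpected
// renderer message; validating first means only the misbehaving renderer dies.
#include <string>
#include <vector>

// Hypothetical stand-in for the renderer process host. ReportBadMessage models
// terminating a renderer that sent a malformed or unexpected IPC.
struct FakeRendererHost {
  bool killed = false;
  std::string reason;
  void ReportBadMessage(const std::string& why) {
    killed = true;
    reason = why;
  }
};

enum class PreviewState { kIdle, kAwaitingPreview, kPreviewReady };
enum class Disposition { kEventFired, kRendererKilled };

class PreviewHandlerModel {
 public:
  explicit PreviewHandlerModel(FakeRendererHost* host) : host_(host) {}

  // Trusted, browser-side signal that the WebUI page is ready. Only after this
  // is it legal to call into page JavaScript.
  void AllowJavascript() { javascript_allowed_ = true; }
  bool IsJavascriptAllowed() const { return javascript_allowed_; }

  // The page asked for a preview; remember the id the renderer must answer with.
  void HandleGetPreview(int request_id) {
    pending_request_id_ = request_id;
    state_ = PreviewState::kAwaitingPreview;
  }

  // IPC from the renderer announcing a finished preview. Renderer input is
  // untrusted, so every precondition is verified before JavaScript is called.
  Disposition OnPreviewReady(int request_id) {
    if (!IsJavascriptAllowed()) {
      host_->ReportBadMessage("preview ready before JavaScript allowed");
      return Disposition::kRendererKilled;
    }
    if (state_ != PreviewState::kAwaitingPreview) {
      host_->ReportBadMessage("preview ready in unexpected state");
      return Disposition::kRendererKilled;
    }
    if (request_id != pending_request_id_) {
      host_->ReportBadMessage("preview ready for unknown request id");
      return Disposition::kRendererKilled;
    }
    state_ = PreviewState::kPreviewReady;
    FireWebUIListener("print-preview-ready", request_id);
    return Disposition::kEventFired;
  }

  const std::vector<std::string>& fired_events() const { return fired_events_; }

 private:
  // Stand-in for WebUIMessageHandler::FireWebUIListener: it only records the
  // event. The real one CHECKs IsJavascriptAllowed(), which is the crash the
  // fuzzer reached.
  void FireWebUIListener(const std::string& event, int request_id) {
    fired_events_.push_back(event + ":" + std::to_string(request_id));
  }

  FakeRendererHost* host_;
  bool javascript_allowed_ = false;
  PreviewState state_ = PreviewState::kIdle;
  int pending_request_id_ = -1;
  std::vector<std::string> fired_events_;
};

// Fuzzer scenario: the renderer reports a preview before the page ever allowed
// JavaScript. True if the renderer was killed and no JavaScript was called.
bool FuzzedEarlyMessageIsRejected() {
  FakeRendererHost host;
  PreviewHandlerModel handler(&host);
  Disposition d = handler.OnPreviewReady(/*request_id=*/0);
  return d == Disposition::kRendererKilled && host.killed &&
         handler.fired_events().empty();
}

// Happy path: page allows JS, requests preview 7, renderer answers for 7.
bool ExpectedMessageFiresEvent() {
  FakeRendererHost host;
  PreviewHandlerModel handler(&host);
  handler.AllowJavascript();
  handler.HandleGetPreview(7);
  Disposition d = handler.OnPreviewReady(7);
  return d == Disposition::kEventFired && !host.killed &&
         handler.fired_events().size() == 1 &&
         handler.fired_events()[0] == "print-preview-ready:7";
}

// Renderer answers with an id the page never requested: JS is allowed and the
// state is right, but the request-id check still rejects it.
bool StaleRequestIdIsRejected() {
  FakeRendererHost host;
  PreviewHandlerModel handler(&host);
  handler.AllowJavascript();
  handler.HandleGetPreview(7);
  return handler.OnPreviewReady(8) == Disposition::kRendererKilled &&
         host.reason == "preview ready for unknown request id";
}
```

The ordering is the point: every precondition is evaluated in the handler before FireWebUIListener is reached, so the CHECK inside the real WebUIMessageHandler is never the first line of defence, and a message the browser was not expecting costs the renderer that sent it rather than the whole browser process.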
Aug 12 2017
ClusterFuzz has detected this issue as fixed in range 493864:493893.
Detailed report: https://clusterfuzz.com/testcase?key=6112579918495744
Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows
Crash Type: CHECK failure
Crash Address:
Crash State:
  IsJavascriptAllowed(). Cannot CallJavascriptFunction before explicitly allowing
  content::WebUIMessageHandler::CallJavascriptFunction<base::Value,base::Value,bas
  content::WebUIMessageHandler::FireWebUIListener<base::Value,base::Value,base::Va
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_ipc&range=488146:488166
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_ipc&range=493864:493893
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6112579918495744
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 12 2017
ClusterFuzz testcase 6112579918495744 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Jul 28 2017
Labels: M-62 Test-Predator-Wrong
Owner: tommycli@chromium.org
Status: Assigned (was: Untriaged)