
Issue 752762 link

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 2
Type: Bug-Regression




chrome crash after google search

Reported by bau...@gmail.com, Aug 5 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.31 Safari/537.36

Steps to reproduce the problem:
1. open new tab
2. make search
3. 

What is the expected behavior?
work same as before display page and not crash

What went wrong?
crash, can't send comment (not work), can't sent problem with about page

Did this work before? Yes before 61.0.3163.31

Chrome version: 61.0.3163.31  Channel: beta
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

very poor material design
 
Cc: mmanchala@chromium.org
Labels: Needs-Feedback Needs-Triage-M61
Unable to reproduce the issue on Windows 7 and 10 using the latest Chrome Beta #61.0.3163.31 and the latest Canary #62.0.3179.0.

Opened a new tab and made a search -> observed no crash.

baudav@ Could you please confirm whether you are able to reproduce this issue consistently? Please recheck this issue by creating a new profile under chrome://settings with no apps or extensions in your browser.
Please update the thread if the issue still persists and also provide a Crash ID for further investigation.

Thanks..!!

Comment 2 by bau...@gmail.com, Aug 8 2017

Reproduced on my profile only, since the latest Chrome update (the version with the very bad UI scheiss design forced for settings).
I always reproduce the crash when opening google.fr.
But with this new very bad UI scheiss design it's very hard to manage all settings: clear selected cookies, enable or not an option... (I switched to the Opera browser to quickly solve the problem; google.fr works with all cookies imported.)

Uploaded crash report ID: 8872d39268000000 (local crash ID: cfa4e8e1-ea3a-465c-9ea5-5328b71b8751)
Local crash ID: a64db96f-cfa8-4f87-b1a2-633e3e0c7bf0
Local crash ID: 53e831a9-7e71-4748-98dd-86e4a915aeb1
Uploaded crash report ID: 27e31dfc84000000 (local crash ID: 713f8f50-b336-4a32-a304-122193183603)
Local crash ID: a8d8ff03-000b-43ff-b5d7-af2843996983
Local crash ID: 79f57c19-f388-4034-a54f-c99e55368498
Uploaded crash report ID: 606b7a0010000000 (local crash ID: 7fd97bdc-7c69-4680-9abc-91cb3157e30b)
Uploaded crash report ID: 9526fff048000000 (local crash ID: 17e5a8a3-9c4b-43c4-84f1-ec1fb762ab77)
Uploaded crash report ID: 88e7d99268000000 (local crash ID: de9fce84-31f8-4c0d-83ff-ac05b0e8e593)
Local crash ID: e51a434e-abd4-4ae4-ab51-9f3832625515
Local crash ID: 3d772011-1850-4840-9714-2109768bbcfe
Uploaded crash report ID: 3a37ec3f88000000 (local crash ID: 64851497-ad0c-4c39-8a9c-4f02e4dd87fd)
...
More and more tests, but I have not found why Chrome crashes. Tested without extensions: same.

Project Member

Comment 3 by sheriffbot@chromium.org, Aug 8 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "mmanchala@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by bau...@gmail.com, Aug 8 2017

More info: I found how to not reproduce the problem with google.fr.
After more searching in the settings, I found that I had authorized google.fr to access my location.
After setting google.fr back to the default value for location (= request), I can open google.fr without a crash, and the page does not ask me for location access.
When google.fr is authorized to access location, Chrome (the tab) crashes when opening google.fr.
Attachment: crash_2017-08-08_14-44-23.png (22.2 KB)

Comment 5 by bau...@gmail.com, Aug 8 2017

And it is linked to chrome://flags: disable 'Feature Policy' (Enables granting and removing access to features through the Feature-Policy HTTP header. #enable-feature-policy).

Can reproduce on Canary 62.0.3179.0.
And a second problem linked to the same flag: menu/help/report an issue... does not work when 'Feature Policy' is disabled.

Cc: rbasuvula@chromium.org
Components: -UI Blink
Labels: M-61 OS-Chrome
Status: Untriaged (was: Unconfirmed)
Thanks for filing and for the updates! Checked the provided crash IDs in the crash server.
Stack Trace:
------------
Thread 0 (id: 7792) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 ] MAGIC SIGNATURE THREAD
Stack Quality: 83%
0x000007fed496c4c0	(chrome_child.dll -frame.cpp:193 )	blink::Frame::IsFeatureEnabled(blink::WebFeaturePolicyFeature)
0x000007fed497e093	(chrome_child.dll -deprecation.cpp:204 )	blink::Deprecation::CountDeprecationFeaturePolicy(blink::Document const &,blink::WebFeaturePolicyFeature)
0x000007fed59e9978	(chrome_child.dll -geolocation.cpp:171 )	blink::Geolocation::RecordOriginTypeAccess()
0x000007fed59e9edd	(chrome_child.dll -geolocation.cpp:222 )	blink::Geolocation::StartRequest(blink::GeoNotifier *)
0x000007fed59ea4c7	(chrome_child.dll -geolocation.cpp:194 )	blink::Geolocation::getCurrentPosition(blink::PositionCallback *,blink::PositionErrorCallback *,blink::PositionOptions const &)
0x000007fed5aca494	(chrome_child.dll -v8geolocation.cpp:112 )	blink::GeolocationV8Internal::getCurrentPositionMethod
0x000007fed31216f3	(chrome_child.dll -api-arguments.cc:25 )	v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const &))
0x000007fed3121456	(chrome_child.dll -builtins-api.cc:112 )	v8::internal::`anonymous namespace'::HandleApiCallHelper<0>
0x000007fed3120e58	(chrome_child.dll -builtins-api.cc:142 )	v8::internal::Builtin_Impl_HandleApiCall
0x000007fed3120d7d	(chrome_child.dll -builtins-api.cc:130 )	v8::internal::Builtin_HandleApiCall(int,v8::internal::Object * *,v8::internal::Isolate *)
0x00000185cc2047a0		
0x000007fed32979ff	(chrome_child.dll + 0x002d79ff )	

1) This crash first appeared on 59.0.3071.115; on the latest Beta #61.0.3163.31 we are seeing 33 reports from 2 different clients.
2) This crash is seen on Windows and Chrome OS.
3) This crash is not seen on the latest Canary, Dev and Stable.

Version		Share	Count	Channel
62.0.3175.3	1.54%	1	
62.0.3168.0	1.54%	1	
61.0.3163.31	50.77%	33	beta
61.0.3163.26	1.54%	1	
61.0.3163.13	41.54%	27	
61.0.3162.0	1.54%	1	

Link to the list of builds:
---------------------------
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3AFrame%3A%3AIsFeatureEnabled%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#-property-selector,samplereports:5,+productversion

Unable to find the suspect change through code search. Hence untriaging the issue so that it gets addressed.

Thank You!

Issue 753245 has been merged into this issue.
Issue 752766 has been merged into this issue.

Comment 9 by e...@chromium.org, Aug 11 2017

Components: -Blink Blink>Location
Cc: raymes@chromium.org iclell...@chromium.org
Components: Blink>FeaturePolicy
Unclear so far if this is WebFeaturePolicyFeature or Location related. Raymes, WDYT?
Labels: -Needs-Triage-M61 OS-Android OS-Fuchsia OS-Linux OS-Mac
Owner: iclell...@chromium.org
Status: Started (was: Untriaged)
I was able to reproduce this on ToT, running with FeaturePolicy disabled via command line, and doing a local search.

(www.google.ca => search for "a thing near me")

It appears that the code in Deprecation::CountDeprecationFeaturePolicy, which is tracking how many times the pre-feature-policy behaviour is being relied on, doesn't actually check to see whether FP is enabled before calling frame->IsFeatureEnabled().

I see this stack trace:

[1:1:0817/123148.401295:FATAL:Frame.cpp(193)] Check failed: feature_policy. 
#0 0x7f8326c602bd base::debug::StackTrace::StackTrace()
#1 0x7f8326c5e68c base::debug::StackTrace::StackTrace()
#2 0x7f8326ceee0a logging::LogMessage::~LogMessage()
#3 0x7f83155ed757 blink::Frame::IsFeatureEnabled()
#4 0x7f83155e5900 blink::Deprecation::CountDeprecationFeaturePolicy()
#5 0x7f831291f708 blink::Geolocation::RecordOriginTypeAccess()
#6 0x7f831291fb00 blink::Geolocation::StartRequest()
#7 0x7f831291f936 blink::Geolocation::getCurrentPosition()
#8 0x7f8312276cf5 blink::GeolocationV8Internal::getCurrentPositionMethod()
#9 0x7f8312275c25 blink::V8Geolocation::getCurrentPositionMethodCallback()
#10 0x7f83178fa282 v8::internal::FunctionCallbackArguments::Call()
#11 0x7f83179d9bf2 v8::internal::(anonymous namespace)::HandleApiCallHelper<>()
#12 0x7f83179d8470 v8::internal::Builtin_Impl_HandleApiCall()
#13 0x3889682843c4 <unknown>


Project Member

Comment 12 by bugdroid1@chromium.org, Aug 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fb86b10bda0326d2e05c3f5f4060120613f91a76

commit fb86b10bda0326d2e05c3f5f4060120613f91a76
Author: Ian Clelland <iclelland@google.com>
Date: Fri Aug 18 14:25:20 2017

Fix crash in CountDeprecationWarning

The code to count cross-origin uses of features which are going to be
under the control of Feature Policy wasn't checking whether Feature
Policy itself was enabled before asking the frame to check its policy.
This caused a DCHECK to fire in Frame.cpp in that case.

Without Feature Policy, we can't meaningfully check whether the usage
of the feature would have been declined in every case, so this change
causes CountDeprecationWarning to return early. This may introduce some
undercounting, but since Feature Policy is now enabled by default, that
should be minimal (and this undercounting is not new; it was just
previously represented by crashes instead).

Bug:  752762 
Change-Id: Ia36a2f7c85de8cedc4a386803d428e9d351db012
Reviewed-on: https://chromium-review.googlesource.com/619366
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Ian Clelland <iclelland@chromium.org>
Cr-Commit-Position: refs/heads/master@{#495543}
[modify] https://crrev.com/fb86b10bda0326d2e05c3f5f4060120613f91a76/third_party/WebKit/Source/core/frame/Deprecation.cpp
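The bug described in the "Started" comment above (Deprecation::CountDeprecationFeaturePolicy calling Frame::IsFeatureEnabled() while Feature Policy is switched off, so the frame's feature_policy pointer is null and the DCHECK in Frame.cpp fires) and the early-return fix in commit fb86b10 can be shown in a small self-contained model. The following C++ is an added illustration, not Blink's code: the Frame, FeaturePolicy and UseCounter types, the g_feature_policy_enabled flag (standing in for the runtime feature behind #enable-feature-policy) and the modelling of the DCHECK as a thrown std::logic_error are all simplifications assumed for this example. The "before" function keeps the crashing behaviour; the "after" function returns early exactly as the commit message describes.

```cpp
// Toy model of the Feature Policy deprecation-counter crash and its fix.
// Not Blink's implementation; names mirror the stack trace, internals are invented.
#include <cassert>
#include <memory>
#include <stdexcept>

enum class WebFeaturePolicyFeature { kGeolocation, kCamera };

// Stand-in for the runtime flag toggled via chrome://flags/#enable-feature-policy.
static bool g_feature_policy_enabled = true;

// Simplified policy: which features this frame is allowed to use.
struct FeaturePolicy {
  bool geolocation_allowed;
  bool IsFeatureEnabled(WebFeaturePolicyFeature f) const {
    return f == WebFeaturePolicyFeature::kGeolocation ? geolocation_allowed : false;
  }
};

class Frame {
 public:
  // With Feature Policy disabled the frame never builds a policy object, so
  // feature_policy_ stays null: the state behind "Check failed: feature_policy."
  explicit Frame(bool geolocation_allowed) {
    if (g_feature_policy_enabled)
      feature_policy_ = std::make_unique<FeaturePolicy>(FeaturePolicy{geolocation_allowed});
  }
  // Mirrors Frame::IsFeatureEnabled(). The DCHECK on the null pointer is modelled
  // as a thrown logic_error so the crash path can be exercised without aborting.
  bool IsFeatureEnabled(WebFeaturePolicyFeature f) const {
    if (!feature_policy_) throw std::logic_error("Check failed: feature_policy.");
    return feature_policy_->IsFeatureEnabled(f);
  }
 private:
  std::unique_ptr<FeaturePolicy> feature_policy_;
};

// One UMA-style bucket: how often a page relied on pre-Feature-Policy behaviour.
struct UseCounter { int deprecation_warnings = 0; };

// Before the fix: asks the frame for its policy unconditionally.
void CountDeprecationFeaturePolicyBefore(const Frame& frame, WebFeaturePolicyFeature f,
                                         UseCounter& counter) {
  if (!frame.IsFeatureEnabled(f)) ++counter.deprecation_warnings;
}

// After the fix: without Feature Policy there is nothing meaningful to count,
// so return early instead of touching a policy object that does not exist.
void CountDeprecationFeaturePolicyAfter(const Frame& frame, WebFeaturePolicyFeature f,
                                        UseCounter& counter) {
  if (!g_feature_policy_enabled) return;
  if (!frame.IsFeatureEnabled(f)) ++counter.deprecation_warnings;
}

// Drives the geolocation request the reporter triggered.
// Returns -1 if the renderer would have hit the DCHECK, otherwise the number
// of deprecation warnings recorded (0 or 1).
int SimulateGeolocationRequest(bool feature_policy_on, bool policy_allows_geolocation, bool fixed) {
  g_feature_policy_enabled = feature_policy_on;
  Frame frame(policy_allows_geolocation);
  UseCounter counter;
  try {
    if (fixed)
      CountDeprecationFeaturePolicyAfter(frame, WebFeaturePolicyFeature::kGeolocation, counter);
    else
      CountDeprecationFeaturePolicyBefore(frame, WebFeaturePolicyFeature::kGeolocation, counter);
  } catch (const std::logic_error&) {
    return -1;
  }
  return counter.deprecation_warnings;
}

int main() {
  // Reporter's configuration: flag off, site allowed to request location.
  assert(SimulateGeolocationRequest(false, true, /*fixed=*/false) == -1);  // crash
  assert(SimulateGeolocationRequest(false, true, /*fixed=*/true) == 0);    // early return
  // Default configuration: flag on; a policy that blocks geolocation is counted.
  assert(SimulateGeolocationRequest(true, false, /*fixed=*/true) == 1);
  assert(SimulateGeolocationRequest(true, true, /*fixed=*/true) == 0);
  return 0;
}
```

The point the model makes is the one in the commit message: the counter is purely telemetry, so skipping it when the policy object is absent changes nothing observable for the page, whereas dereferencing the absent policy takes the whole renderer down.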

Status: Fixed (was: Started)
Labels: Merge-Request-61
Project Member

Comment 15 by sheriffbot@chromium.org, Aug 21 2017

Labels: -Merge-Request-61 Merge-Review-61 Hotlist-Merge-Review
This bug requires manual review: M61 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), ketakid@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Before we approve the merge to M61, please answer the following:
* Is this an M61 regression? Is it critical?
* Is the change well baked/verified in Canary, does it have enough automated test coverage, and is it safe to merge to M61?
* Any other important details to justify the merge.

Please note we're only a few weeks away from M61 Stable promotion, so the merge bar is very high.

1. Yes, this is a regression -- it causes a very quick renderer crash if Geolocation is requested when Feature Policy is disabled through flags.
I don't know whether or not this counts as critical, since the flag is enabled by default, but it likely means that Chrome is unusable with the flag disabled.
2. I do *not* have an automated test for this, but I'll see if I can work one up quickly.
3. The change is quite small, just adding a safety check to ensure that FP is enabled before calling the function which will otherwise crash. Not calling that function has no effect on the renderer, since it just avoids logging one UMA data point.
Labels: -Merge-Review-61 Merge-Approved-61
Please add automated test for this and then merge to M61.
Approving merge to M61 branch 3163 based on comment #17. 
Project Member

Comment 19 by bugdroid1@chromium.org, Aug 21 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/65302d8e4a97c073cbcc675da90c7a1ff1547d95

commit 65302d8e4a97c073cbcc675da90c7a1ff1547d95
Author: Ian Clelland <iclelland@google.com>
Date: Mon Aug 21 23:04:28 2017

Add regression test for FP deprecation crash.

This adds an automated test for the case where a feature-policy-
deprecation warning is triggered when feature policy is disabled. It
ensures that no usage is recorded, and that the renderer does not crash.

Bug:  752762 
Change-Id: I2da29263381c3078d2cb1bc83bcc3b05de564ee3
Reviewed-on: https://chromium-review.googlesource.com/624419
Commit-Queue: Ian Clelland <iclelland@chromium.org>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#496105}
[modify] https://crrev.com/65302d8e4a97c073cbcc675da90c7a1ff1547d95/third_party/WebKit/Source/core/frame/UseCounterTest.cpp

Project Member

Comment 20 by bugdroid1@chromium.org, Aug 21 2017

Labels: -merge-approved-61 merge-merged-3163
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2132f13fb3702dadaf31c0785cecd10766634880

commit 2132f13fb3702dadaf31c0785cecd10766634880
Author: Ian Clelland <iclelland@google.com>
Date: Mon Aug 21 23:24:52 2017

Fix crash in CountDeprecationWarning

The code to count cross-origin uses of features which are going to be
under the control of Feature Policy wasn't checking whether Feature
Policy itself was enabled before asking the frame to check its policy.
This caused a DCHECK to fire in Frame.cpp in that case.

Without Feature Policy, we can't meaningfully check whether the usage
of the feature would have been declined in every case, so this change
causes CountDeprecationWarning to return early. This may introduce some
undercounting, but since Feature Policy is now enabled by default, that
should be minimal (and this undercounting is not new; it was just
previously represented by crashes instead).

TBR=iclelland@google.com

(cherry picked from commit fb86b10bda0326d2e05c3f5f4060120613f91a76)

Bug:  752762 
Change-Id: Ia36a2f7c85de8cedc4a386803d428e9d351db012
Reviewed-on: https://chromium-review.googlesource.com/619366
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Ian Clelland <iclelland@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#495543}
Reviewed-on: https://chromium-review.googlesource.com/625016
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Cr-Commit-Position: refs/branch-heads/3163@{#739}
Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528}
[modify] https://crrev.com/2132f13fb3702dadaf31c0785cecd10766634880/third_party/WebKit/Source/core/frame/Deprecation.cpp

Project Member

Comment 21 by bugdroid1@chromium.org, Aug 21 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e30fc9ad343c20e2d67560f5ff057a2a28ee0945

commit e30fc9ad343c20e2d67560f5ff057a2a28ee0945
Author: Ian Clelland <iclelland@google.com>
Date: Mon Aug 21 23:28:01 2017

Add regression test for FP deprecation crash.

This adds an automated test for the case where a feature-policy-
deprecation warning is triggered when feature policy is disabled. It
ensures that no usage is recorded, and that the renderer does not crash.

TBR=iclelland@google.com

(cherry picked from commit 65302d8e4a97c073cbcc675da90c7a1ff1547d95)

Bug:  752762 
Change-Id: I2da29263381c3078d2cb1bc83bcc3b05de564ee3
Reviewed-on: https://chromium-review.googlesource.com/624419
Commit-Queue: Ian Clelland <iclelland@chromium.org>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#496105}
Reviewed-on: https://chromium-review.googlesource.com/624956
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Cr-Commit-Position: refs/branch-heads/3163@{#740}
Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528}
[modify] https://crrev.com/e30fc9ad343c20e2d67560f5ff057a2a28ee0945/third_party/WebKit/Source/core/frame/UseCounterTest.cpp

Components: Blink>Geolocation
Components: -Blink>Location
