@nuplasticdevices -- Thank You for the report.

Downloaded the html file and opened with Chrome and was able to reproduce the issue. Clicking on Try it leads to Crash.

Tested the issue on Samsung J710 (Android 6.0.1) using Chrome Stable# 59.0.3071.125, Chrome Beta# 60.0.3112.78 and Chrome Dev# 61.0.3163.27 and was able to reproduce the issue on all channels.

Note: Also tested on M56# 56.0.2624.87 and could reproduce the issue. Changing the status to Untriaged so that the issue would get addressed.
go/chrome-androidlogs/754023

Thank You.

Thanks for the video! I can reproduce this when opening it from local storage.

Here's what I think is the relevant part of the log:

08-10 15:21:41.261 E/chromium(31751): [ERROR:validation_errors.cc(87)] Invalid message: VALIDATION_ERROR_DESERIALIZATION_FAILED
08-10 15:21:41.261 E/chromium(31751): [ERROR:render_process_host_impl.cc(3081)] Terminating render process for bad Mojo message: Received bad user message: Validation failed for PermissionService::RequestPermission deserializer [VALIDATION_ERROR_DESERIALIZATION_FAILED]
08-10 15:21:41.261 E/chromium(31751): [ERROR:bad_message.cc(23)] Terminating renderer for bad IPC message, reason 123

I'm guessing this is something to do with mojoification of location.

Some notes diagnosing this. +raymes who added the deprecation warning, may have insight (or not -- may be unrelated):

I didn't repro when:
 downloading location.html
 launching from chrome
 button press for location (I see location on map)
on stable 60, beta 61, dev 62.

I did repro a crash when downloading file, then using a file manager app on Android and loading to Chrome.
 The behavior in 60, 61 is crash.
 In 62 it reports a error, but does not crash.

62's error:
 PositionError
  code: 1
  message: "User denied Geolocation"

And a deprecation warning:
getCurrentPosition and watchPosition usage in cross-origin iframes is deprecated and will be disabled in M63, around December 2017. To continue to use this feature, it must be enabled by the embedding document using Feature Policy, e.g. <iframe allow="geolocation" ...>. See https://goo.gl/EuHzyv for more details.


I note that: 
 https://html5demos.com/geo/
  causes a prompt to appear requesting location. But 
 https://jsbin.com/ranexuw/1/edit?html,output and 
 https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_geolocation
  do not show the prompt and only fail with the PositionError code 1.

The deprecation warning is unrelated. #1 notes that the issue has been around since M56 which was quite some time before the deprecation warning. 

I also couldn't reproduce on M60 android via jsbin but it did crash when loaded from local. Has anyone been able to reproduce on jsbin? It may be due to form of the local URL on android.

Trying to upload a crash report now which may help.

Reilly/Conley may have ideas. The crash doesn't repro on Canary which would be because of the refactoring that Conley did I expect.

My guess is that when calling PermissionService::RequestPermission() from the renderer the value of GetExecutionContext()->GetSecurityOrigin() was an invalid url::Origin and thus being rejected by the browser process. After Conley's change this request is internal to the browser process and uses RenderFrameHost::GetLastCommittedURL().GetOrigin() instead. raymes@, I'm not familiar with all the various forms of URLs/origins that could be in play here. Does this explanation make sense to you?

Yep - that was my guess as well. 

nuplasticdevices: could you please confirm that this problem doesn't reproduce in Chrome Canary?

There is still the issue that Canary builds have, I noted as:
 https://html5demos.com/geo/
  causes a prompt to appear requesting location. But 
 https://jsbin.com/ranexuw/1/edit?html,output and 
 https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_geolocation
  do not show the prompt and only fail with the PositionError code 1.

Trying with a debug build, I get a crash on a SECURITY_DCHECK when I click "Try It" on the w3schools page:
[1:1:0906/171747.037747:FATAL:LayoutObject.h(320)] Security DCHECK failed: !NeedsLayout().
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/layout/LayoutObject.h?&l=320

One theory was that when we were making the security request, we weren't passing along the user gesture, but that is not the case.

That SECURITY_DCHECK seems unrelated. Can you file a separate bug for that with a stack trace?

I can't reproduce the SECURITY_DCHECK at this point.

Error from DVLOG
Attempt to use Geolocation from an invalid URL: ,https://www.w3schools.com/ (Geolocation is not supported in popups)

(the empty text before the comma is the requesting origin)

This goes back to our discussion regarding the difference between GetLastCommittedURL.GetOrigin() and GetLastCommittedOrigin.GetURL();

https://chromium-review.googlesource.com/c/chromium/src/+/558604#message-f7c1c127e27888841cb8d379a5495707112f1449
Apparently I submitted the opposite way that we had decided (if I am reading the conversation correctly).  Sorry about all this!  Will upload a fix soon.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/20f79a052898eb766f5f0b57232d64d1a001e9e5

commit 20f79a052898eb766f5f0b57232d64d1a001e9e5
Author: Conley Owens <cco3@chromium.org>
Date: Wed Sep 20 22:33:47 2017

geolocation: Request permission with last origin

Mistakenly, the GeolocationServiceImpl was calling
GetLastCommittedURL.GetOrigin() on its RenderFrameHost.  This change
corrects it to use GetLastCommittedOrigin.GetURL().

BUG= 754023 

Change-Id: I53dd3613d6d91def87f0d2f7b18f095edd75bd71
Reviewed-on: https://chromium-review.googlesource.com/664254
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Kinuko Yasuda (slow) <kinuko@chromium.org>
Commit-Queue: Conley Owens <cco3@chromium.org>
Cr-Commit-Position: refs/heads/master@{#503271}
[modify] https://crrev.com/20f79a052898eb766f5f0b57232d64d1a001e9e5/content/browser/geolocation/geolocation_service_impl.cc