CHECK failure: !exception.IsEmpty() in V8ScriptRunner.cpp
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5095620397498368
Fuzzer: inferno_twister_c
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  !exception.IsEmpty() in V8ScriptRunner.cpp
  blink::V8ScriptRunner::ThrowException
  blink::V8ScriptRunner::ReportExceptionForModule
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=482161:482264
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5095620397498368
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Aug 14 2017
Predator and CL could not provide any possible suspects. Using Code Search for the file "V8ScriptRunner.cpp", assigning to the concerned owner. Suspecting commit https://chromium.googlesource.com/chromium/src/+/73bb506d40e7618c72d23bb949fc37928ea68f21. @kouhei -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Aug 14 2017
Aug 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/62653ce9524ad66e965a2011b6306319fa72ef9a
commit 62653ce9524ad66e965a2011b6306319fa72ef9a
Author: Kouhei Ueno <kouhei@chromium.org>
Date: Thu Aug 17 00:04:41 2017
[ES6 modules] Add missing TraceWrapper graph for ScriptRunner
Before this CL, ScriptRunner was not TraceWrappered, thus ScriptLoaders held by ScriptRunner were not wrapper traced. This CL makes ScriptRunner a TraceWrapperBase, and ensures ScriptLoaders held are wrapper traced.
Bug: 755024
Change-Id: I3aaccb92afada28951380eea69003ba85579fe9e
Reviewed-on: https://chromium-review.googlesource.com/616524
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Kouhei Ueno <kouhei@chromium.org>
Cr-Commit-Position: refs/heads/master@{#495005}
[modify] https://crrev.com/62653ce9524ad66e965a2011b6306319fa72ef9a/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/62653ce9524ad66e965a2011b6306319fa72ef9a/third_party/WebKit/Source/core/dom/Document.h
[modify] https://crrev.com/62653ce9524ad66e965a2011b6306319fa72ef9a/third_party/WebKit/Source/core/dom/ModuleScript.h
[modify] https://crrev.com/62653ce9524ad66e965a2011b6306319fa72ef9a/third_party/WebKit/Source/core/dom/ScriptRunner.cpp
[modify] https://crrev.com/62653ce9524ad66e965a2011b6306319fa72ef9a/third_party/WebKit/Source/core/dom/ScriptRunner.h
Aug 17 2017
ClusterFuzz has detected this issue as fixed in range 494974:495051.
Detailed report: https://clusterfuzz.com/testcase?key=5095620397498368
Fuzzer: inferno_twister_c
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  !exception.IsEmpty() in V8ScriptRunner.cpp
  blink::V8ScriptRunner::ThrowException
  blink::V8ScriptRunner::ReportExceptionForModule
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=482161:482264
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=494974:495051
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5095620397498368
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 17 2017
ClusterFuzz testcase 5095620397498368 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 21 2017
Aug 21 2017
Aug 21 2017
This bug requires manual review: M61 has already been promoted to the beta branch, so this requires manual review. Please contact the milestone owner if you have questions.
Owners: amineer@ (Android), cmasso@ (iOS), ketakid@ (ChromeOS), govind@ (Desktop)
For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Aug 21 2017
+hablich@ for M61 merge review.
Aug 21 2017
I might need to create a different patch for M61, as the WrapperTrace infrastructure has changed since M61. It will basically introduce the same ref graph, but automatic rebase will not work.
Aug 22 2017
@govind: This is a Blink not a V8 patch.
Aug 22 2017
Yeah, sorry. kouhei@, per comment #11, you're planning to create a different patch for M61. Please update this bug once the change is ready, baked/verified in Canary and safe to merge to M61. Please note we're only a few weeks away from M61 Stable promotion, so the merge bar is very high. We're only taking critical merges in.
Aug 22 2017
If the crash rate isn't super high, I think it makes sense to pass on M61. The M62 change is baked, but as described in c#11, we need to create a completely different change for the M61 fix, as the affected code diverged.
Aug 22 2017
Aug 22 2017
Based on the ClusterFuzz report I checked the crash server and found that there is just 1 crash on Desktop Stable, i.e. 60.0.3112.90. Please find details here: https://goto.google.com/uvyzc
Note: I am not 100% sure if this is just one magic stack where this crash would be seen.
Aug 23 2017
Would you mind checking on M61, as the bug was introduced in M61?
Aug 23 2017
I tried to identify all the crashes which have the magic stack "blink::V8ScriptRunner::". Below you can find the categorization of crashes on M61 and over all Chrome versions:
Crashes on 61: https://goto.google.com/xuvql
Crashes on historical Chrome versions: https://goto.google.com/upddx
Note: As mentioned in comment #16, I am still not 100% sure unless someone with more insight confirms that the data in comment #16 and this comment looks relevant.
Aug 23 2017
I think below is more relevant. As I can't find real-world crashes, I think we should punt on M61 merge. https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%20CONTAINS%20%27blink%3A%3AV8ScriptRunner%3A%3AThrowException%27%20AND%20product.Version%20CONTAINS%20%2761.0.%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D&unnest=
Aug 23 2017
Rejecting merge to M61 branch 3163 based on comment #19.
Oct 10 2017
Fixed in M62+ and M61 merge rejected per c#20 -> marking bug as fixed
Comment 1 by ClusterFuzz, Aug 13 2017