CHECK failure: i < size() in Vector.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5736819756105728
Fuzzer: libFuzzer_feature_policy_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  i < size() in Vector.h
  blink::ParseFeaturePolicy
  blink::ParseFeaturePolicyHeader
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=498180:498221
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5736819756105728

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 30 2017
Issue 760446 has been merged into this issue.
Aug 30 2017
Predator and CL could not provide any possible suspects. Using Code Search for the file "ParseFeaturePolicy.h", assigning to the concerned owner. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced @loonybear -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Aug 30 2017
Reproduced it locally. I think I know what the root cause is. I will fix it ASAP. Thanks.
Aug 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b5167aa9f4bfa607f86a63661db834435e5024e2

commit b5167aa9f4bfa607f86a63661db834435e5024e2
Author: Luna Lu <loonybear@chromium.org>
Date: Wed Aug 30 22:41:10 2017

Fix crash i < size() in Vector.h introduced by ParseFeaturePolicy

Cause: Tried to access the first item in a Vector without verifying its size() > 0.
Fix: Check for empty Vector: if empty, skip

Bug: 760409
Change-Id: I645530c010a1aaab909623433a5308836bd7c9a1
Reviewed-on: https://chromium-review.googlesource.com/643152
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Commit-Queue: Luna Lu <loonybear@chromium.org>
Cr-Commit-Position: refs/heads/master@{#498649}

[modify] https://crrev.com/b5167aa9f4bfa607f86a63661db834435e5024e2/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp
[modify] https://crrev.com/b5167aa9f4bfa607f86a63661db834435e5024e2/third_party/WebKit/Source/platform/feature_policy/FeaturePolicyTest.cpp
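The defect class the commit message describes, as an added example that is not Chromium's code: a simplified policy-header parser (the header syntax, struct and function names are assumed for illustration) that tokenizes each declaration and must check for an empty token vector before reading tokens[0], the case an empty declaration in fuzzer input triggers.

```cpp
#include <sstream>
#include <string>
#include <vector>

// One parsed declaration: the feature name and its allowlist of origins.
struct Declaration {
    std::string feature;
    std::vector<std::string> allowlist;
};

struct ParseResult {
    std::vector<Declaration> declarations;
    int skipped = 0;  // empty declarations skipped instead of indexed
};

// Splits on `delim` and keeps empty pieces, so "a;;b" yields {"a", "", "b"}.
static std::vector<std::string> SplitKeepEmpty(const std::string& s, char delim) {
    std::vector<std::string> out;
    std::string piece;
    std::istringstream in(s);
    while (std::getline(in, piece, delim)) out.push_back(piece);
    return out;
}

// Whitespace tokenizer: "" or "   " yields an empty vector.
static std::vector<std::string> Tokenize(const std::string& s) {
    std::vector<std::string> out;
    std::istringstream in(s);
    for (std::string tok; in >> tok;) out.push_back(tok);
    return out;
}

// Parses a simplified "feature origins...; feature origins..." header (assumed syntax,
// not Chromium's). Reading tokens[0] before checking tokens.empty() is the defect the
// commit describes; Blink's Vector reports it as the CHECK failure `i < size()`.
ParseResult ParsePolicyHeader(const std::string& header) {
    ParseResult result;
    for (const std::string& decl : SplitKeepEmpty(header, ';')) {
        std::vector<std::string> tokens = Tokenize(decl);
        if (tokens.empty()) {  // the fix: empty declaration, skip it
            ++result.skipped;
            continue;
        }
        Declaration d;
        d.feature = tokens[0];  // safe: size() >= 1 here
        d.allowlist.assign(tokens.begin() + 1, tokens.end());
        result.declarations.push_back(d);
    }
    return result;
}
```

A constructed header such as `vibrate 'self'; ;   ;usb 'none' https://example.com` contains two empty declarations; without the emptiness check the second one would index a zero-length vector.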
Aug 31 2017
ClusterFuzz has detected this issue as fixed in range 498588:498664.

Detailed report: https://clusterfuzz.com/testcase?key=5736819756105728
Fuzzer: libFuzzer_feature_policy_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  i < size() in Vector.h
  blink::ParseFeaturePolicy
  blink::ParseFeaturePolicyHeader
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=498180:498221
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=498588:498664
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5736819756105728

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 31 2017
ClusterFuzz testcase 5736819756105728 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by tkent@chromium.org, Aug 30 2017