
Issue 765616


Issue metadata

Status: Duplicate
Merged: issue 770670
Closed: Sep 2017
OS: Windows
Pri: 1
Type: Bug




Null-dereference READ in aura::Window::GetRootWindow

Project Member Reported by ClusterFuzz, Sep 15 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4558175717294080

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x0000005c
Crash State:
  aura::Window::GetRootWindow
  aura::client::GetCaptureWindow
  aura::WindowTreeHost::OnHostLostWindowCapture
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=441984:442831

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4558175717294080

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: msrchandra@chromium.org pnangunoori@chromium.org
Labels: Test-Predator-Wrong-CLs M-62
Owner: sadrul@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using code search for the file “window_tree_host.cc”, assigning to the concerned owner from the Git revision log.

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/e265d970d1b5dbe670badff34d4692d39714e58e

@sadrul -- Could you please look into this issue? Kindly reassign if it has nothing to do with your changes.

Thank You.

Comment 2 by sadrul@chromium.org, Sep 15 2017

Cc: infe...@chromium.org
Is there a way to see the reproduction steps for the crashes? (I seem to remember ClusterFuzz used to have some instructions on what happened during the session that led to the crash, but maybe that was only for linux/x11?)

Comment 3 by sadrul@chromium.org, Sep 19 2017

Cc: sadrul@chromium.org
Issue 766436 has been merged into this issue.

Comment 4 by ClusterFuzz, Sep 24 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5322804718469120 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 5 by ClusterFuzz, Oct 2 2017

Labels: Needs-Feedback
ClusterFuzz testcase 4558175717294080 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Mergedinto: 770670
Status: Duplicate (was: Verified)

Comment 7 by ClusterFuzz, Oct 7 2017

ClusterFuzz has detected this issue as fixed in range 506630:506658.

Detailed report: https://clusterfuzz.com/testcase?key=4558175717294080

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x0000005c
Crash State:
  aura::Window::GetRootWindow
  aura::client::GetCaptureWindow
  aura::WindowTreeHost::OnHostLostWindowCapture
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=441984:442831
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=506630:506658

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4558175717294080

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
