Predator and CL could not provide any possible suspects.
Using the code search for the file, “boxpainter.cpp” assigning to concern owner from GIT revision log.

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/f3a47f5bad662d398829cbf96172ab112b50db8e

@shend -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.

Thank You.

The suspected patch was reverted in https://chromium.googlesource.com/chromium/src/+/cd466ce04863b25b61053635e050ba6ffd9c7da4.

chrishtr, do you have any idea about what might be causing this?

Please mark Untriaged when switching components.

I'll take a look along with the other security issue we got yesterday.

ClusterFuzz has detected this issue as fixed in range 504091:504147.

Detailed report: https://clusterfuzz.com/testcase?key=5904404359413760

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: Null-dereference
Crash Address: 0x00000022
Crash State:
  blink::ThemePainterDefault::PaintSearchFieldCancelButton
  blink::ThemePainter::Paint
  blink::BoxPainter::PaintBoxDecorationBackgroundWithRect
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=502108:502126
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=504091:504147

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5904404359413760

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5904404359413760 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Weird that it started and stopped mysteriously. But I fixed the bug related to this in
this commit:

https://chromium-review.googlesource.com/c/chromium/src/+/572213