Use-of-uninitialized-value in test_runner::TestRunnerForSpecificView::Reset
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5291756706070528
Fuzzer: ochang_domfuzzer
Job Type: linux_msan_content_shell_drt
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  test_runner::TestRunnerForSpecificView::Reset
  test_runner::WebViewTestProxyBase::Reset
  test_runner::TestInterfaces::ResetAll
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=390302:390312
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5291756706070528
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
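The crash state above names a Reset() method that MSan reports as reading memory nothing ever wrote. The following is an added illustration of that bug class and of the usual fix; it is not Chromium's test_runner code, and the class and member names (TestRunnerViewBuggy, TestRunnerViewFixed, has_custom_settings, resets) are assumptions chosen only to mirror the shape of the stack trace.

```cpp
// Added illustration of an MSan "use-of-uninitialized-value" in a
// Reset()-style method. NOT Chromium's test_runner code; all names below are
// assumptions. Build with: clang++ -std=c++14 -fsanitize=memory -g example.cc
#include <vector>

namespace illustration {

// Vulnerable shape: a bool member the constructor never writes. Reset()
// branches on it, so the first Reset() after construction depends on whatever
// garbage the allocation contained. MSan reports the read inside Reset(),
// exactly the frame the crash state above points at.
struct TestRunnerViewBuggy {
  bool has_custom_settings;  // no initializer
  int resets;
  TestRunnerViewBuggy() : resets(0) {}  // has_custom_settings left uninitialized
  void Reset() {
    if (has_custom_settings)  // MSan: use-of-uninitialized-value here
      ++resets;
    has_custom_settings = false;
  }
};

// Hardened shape: in-class default member initializers guarantee every field
// holds a defined value before any method can observe it. Nothing else changes.
struct TestRunnerViewFixed {
  bool has_custom_settings = false;
  int resets = 0;
  void Reset() {
    if (has_custom_settings)
      ++resets;
    has_custom_settings = false;
  }
};

// Drives the fixed view through a sequence of reset cycles, optionally setting
// the flag before each reset, and returns how many resets observed the flag.
// The result is deterministic regardless of memory contents, which is the
// property the buggy version lacks.
inline int ResetsObservingFlag(TestRunnerViewFixed& view, int cycles,
                               bool set_flag_each_cycle) {
  for (int i = 0; i < cycles; ++i) {
    if (set_flag_each_cycle)
      view.has_custom_settings = true;
    view.Reset();
  }
  return view.resets;
}

// Constructed input: a small batch of views reset in a loop, the way a test
// harness resets every view between test cases. Returns total resets that saw
// the flag across the batch.
inline int ResetBatch(int views, int cycles_per_view) {
  std::vector<TestRunnerViewFixed> batch(views);
  int total = 0;
  for (auto& v : batch)
    total += ResetsObservingFlag(v, cycles_per_view, /*set_flag_each_cycle=*/true);
  return total;
}

}  // namespace illustration
```

Only the fixed form is exercised in the usage; running the buggy form is undefined behaviour and is exactly what the MSan build exists to catch. Note that MSan only reports the read when the poisoned value influences a branch, memory access or syscall, which is one reason such reports can be hard to reproduce without the sanitizer build and the exact test case.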
Sep 21 2017
Sep 21 2017
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 1 2017
Oct 5 2017
dmazzoni: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 19 2017
dmazzoni: Uh oh! This issue still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 7 2017
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Nov 30 2017
dmazzoni: This bug is pretty old, and we'd like to get it out of the security triage queue. Can you please confirm that this bug only appears in the test runner, and not in production Chrome? If so, we can remove it from our queue. Thank you!
Dec 7 2017
Dec 18 2017
Unfortunately I'm unable to reproduce this bug locally. I did an MSAN build and then tried to run it like this: out/Release/content_shell --run-layout-test third_party/WebKit/LayoutTests/clusterfuzz-testcase-5291756706070528.html I do agree that the stack trace points to a bug in test_runner, which is not severe at all. It also doesn't look like an area I'm familiar with. In general MSAN needs some love, it's way too difficult to reproduce MSAN bugs, compared to ASAN for example - see crbug.com/786416
Jan 2 2018
ochang: I'm wondering if you can dig into this one a bit, since it's your fuzzer and since you might have some insight into MSan reproducibility problems?
Jan 16 2018
Oops, missed this one in the vacation backlog, sorry. CF seems to have trouble reproducing this one too, but the stack looks similar to bug 773821 which is a reproducible bad cast (but marked non-security because it's likely a bug in the test runner).
May 26 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by palmer@chromium.org, Sep 20 2017
Owner: dmazz...@chromium.org
Status: Assigned (was: Untriaged)