Security: Sanity check IP addresses for Cast devices
Issue description

We've heard a report from a user that they are able to use their neighbor's Cast device from Chrome, despite (likely) being on a different subnet/access point, and the Cast device has a public IP. Chrome has not shipped Cast guest mode, so this should not be possible; regardless, some combination of router configuration/DMZ or exploit has made it happen. This bug tracks some work in Chrome to restrict obviously wrong scenarios like this.

1. Only connect to Cast devices on private IPs or subnet (check in CastChannelService)
2. Only accept private mDNS IPs/subnet
3. Source address of mDNS packets matches A/AAAA IP

If the Cast device were to report its IP over the secure channel, we could further prevent accidental network traversal.
Nov 16 2017
Possibly imcheng@, but it hasn't been through our triage yet.
Nov 16 2017
Nov 17 2017
Nov 20 2017
Assigning to imcheng@, as per c#2. Please re-assign if needed.
Nov 28 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/56d85f955bdaa7287a39438daaaa71fcbde6dd42

commit 56d85f955bdaa7287a39438daaaa71fcbde6dd42
Author: Derek Cheng <imcheng@chromium.org>
Date: Tue Nov 28 21:49:08 2017

[Cast channel] Validate IP address from mDNS / cast channel requests.

A valid Cast device address must be private. This is checked using the IPAddress::IsReserved() method, similar to DIAL's device description service.

The check is performed in several entry points (some are redundant as extra safety net):
- DnsSdRegistry, when it receives a device advertisement from mDNS
- CastSocketService, before it opens socket
- CastSocketServiceImpl::OpenChannel
- CastChannelOpenFunction (entry point for chrome.cast.channel.open)

Bug: 786109
Change-Id: Iaad91834cd4149fd345b2ada4e2704a0e158ba49
Reviewed-on: https://chromium-review.googlesource.com/792650
Commit-Queue: Derek Cheng <imcheng@chromium.org>
Reviewed-by: mark a. foltz <mfoltz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#519857}

[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/chrome/browser/media/router/discovery/mdns/cast_media_sink_service_impl.cc
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/chrome/browser/media/router/discovery/mdns/cast_media_sink_service_impl_unittest.cc
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/chrome/browser/media/router/discovery/mdns/dns_sd_registry.cc
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/chrome/browser/media/router/discovery/mdns/dns_sd_registry_unittest.cc
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/components/cast_channel/BUILD.gn
[add] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/components/cast_channel/cast_channel_util.cc
[add] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/components/cast_channel/cast_channel_util.h
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/components/cast_channel/cast_socket_service.cc
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/components/cast_channel/cast_socket_service.h
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/components/cast_channel/cast_socket_service_unittest.cc
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/components/cast_channel/cast_test_util.h
[modify] https://crrev.com/56d85f955bdaa7287a39438daaaa71fcbde6dd42/extensions/browser/api/cast_channel/cast_channel_api.cc
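The checks listed in the issue description and in the commit message above, sketched as a stand-alone C++ example that is added here and is not Chromium's code (the commit relies on IPAddress::IsReserved()). The type and function names and the allow-listed ranges are assumptions of this example, and the sample addresses are constructed.

```cpp
#include <arpa/inet.h>
#include <array>
#include <cstdint>
#include <cstdio>
#include <string>

// All names here are hypothetical; this is not Chromium's implementation.
struct Addr { int family = 0; std::array<uint8_t, 16> b{}; };

// Parse textual IPv4/IPv6 into bytes; family stays 0 when the input is invalid.
Addr Parse(const std::string& s) {
  Addr a;
  if (inet_pton(AF_INET, s.c_str(), a.b.data()) == 1) a.family = AF_INET;
  else if (inet_pton(AF_INET6, s.c_str(), a.b.data()) == 1) a.family = AF_INET6;
  return a;
}

// Allow-list chosen for this example: RFC 1918, link-local, IPv6 unique-local.
bool IsLocal(const Addr& a) {
  const auto& b = a.b;
  if (a.family == AF_INET)
    return b[0] == 10 ||                             // 10.0.0.0/8
           (b[0] == 172 && (b[1] & 0xF0) == 0x10) || // 172.16.0.0/12
           (b[0] == 192 && b[1] == 168) ||           // 192.168.0.0/16
           (b[0] == 169 && b[1] == 254);             // 169.254.0.0/16
  if (a.family == AF_INET6)
    return (b[0] & 0xFE) == 0xFC ||                  // fc00::/7
           (b[0] == 0xFE && (b[1] & 0xC0) == 0x80);  // fe80::/10
  return false;  // unparseable addresses are rejected
}

struct MdnsAdvert {       // constructed model of one mDNS response
  std::string source_ip;  // address the UDP packet arrived from
  std::string record_ip;  // address carried in the A/AAAA record
};
enum class Verdict { kAccept, kNotLocal, kSourceMismatch };

// Checks 2 and 3 from the issue: the advertised address must be local, and
// the packet must come from that same address (compared as bytes, not text).
Verdict CheckAdvert(const MdnsAdvert& ad) {
  Addr rec = Parse(ad.record_ip), src = Parse(ad.source_ip);
  if (!IsLocal(rec)) return Verdict::kNotLocal;
  if (src.family != rec.family || src.b != rec.b) return Verdict::kSourceMismatch;
  return Verdict::kAccept;
}

int main() {  // constructed samples; 203.0.113.0/24 is a documentation range
  MdnsAdvert ok{"192.168.1.23", "192.168.1.23"}, bad{"192.168.1.1", "203.0.113.7"};
  std::printf("%d %d\n", static_cast<int>(CheckAdvert(ok)), static_cast<int>(CheckAdvert(bad)));
}
```

Check 1 from the issue is the same `IsLocal` test applied again immediately before the socket is opened, so a caller that bypasses discovery is still filtered.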
Nov 28 2017
Nov 29 2017
Jan 22 2018
Jan 24 2018
This isn't a security bug - the devices were reachable and cast was reaching them correctly.
Feb 10 2018
Sorry, I am not technical enough to understand ISPs, routing traffic and other technical things. I am a consumer and I expect that if I use a product from Google it has to function properly and protect my privacy and security. I want to explain why it was a real security issue in my opinion and in my case. And this all occurred when the device didn't function properly. I could stream videos to my neighbor's device and could project everything I wanted on it. What if there were children watching TV and I would stream horror movies or pornographic videos? Their security wouldn't be secure. I had access and control over their device and they had access to my device. That, for me, is a security issue. I used my device for over a year and in that whole time people could see what I was watching on my TV. My privacy wasn't secure all the time I used my device. I could also see what my neighbor was watching, so her privacy wasn't secure either. They could see which website I was visiting and I could see which website she was visiting. If I was streaming sensitive sites to my device, my neighbor and everyone that was using the same device could probably see that. It was maybe a functional or technical fix, but it had influence on my privacy and security.
Comment 1 by mmoroz@chromium.org, Nov 16 2017