RemoveFormat command crashes with display:none and position:relative

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5364744159756288

Fuzzer: attekett_dom_fuzzer
Job Type: linux_cfi_chrome
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000040
Crash State:
  chrome
  blink::IsTabHTMLSpanElement
  blink::ApplyStyleCommand::RemoveCSSStyle

Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=523197:523221

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5364744159756288

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jan 10 2018
Jan 11 2018
Pri-3 since real-world usage of removeFormat command with unusual HTML is low
Jan 17 2018
Jan 21 2018
Jan 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4bb4bc15031c85102d75b6819fe64cec85c8a04a

commit 4bb4bc15031c85102d75b6819fe64cec85c8a04a
Author: tanvir.rizvi <tanvir.rizvi@samsung.com>
Date: Wed Jan 24 10:15:43 2018

Fix for crash in IsTabHTMLSpanElement

Crash in EditingUtilities IsTabHTMLSpanElement when style has display:none, as display:none makes the computedStyle for <span> nil. Added safety check to avoid this scenario.

Bug: 798288
Change-Id: I3953959d8e1f2067f48d9c064b32c889842b3e49
Reviewed-on: https://chromium-review.googlesource.com/877739
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Reviewed-by: Xiaocheng Hu <xiaochengh@chromium.org>
Commit-Queue: Tanvir Rizvi <tanvir.rizvi@samsung.com>
Cr-Commit-Position: refs/heads/master@{#531492}

[modify] https://crrev.com/4bb4bc15031c85102d75b6819fe64cec85c8a04a/third_party/WebKit/Source/core/editing/EditingUtilities.cpp
[modify] https://crrev.com/4bb4bc15031c85102d75b6819fe64cec85c8a04a/third_party/WebKit/Source/core/editing/EditingUtilities.h
[modify] https://crrev.com/4bb4bc15031c85102d75b6819fe64cec85c8a04a/third_party/WebKit/Source/core/editing/EditingUtilitiesTest.cpp
Jan 25 2018
ClusterFuzz has detected this issue as fixed in range 531487:531495.

Detailed report: https://clusterfuzz.com/testcase?key=5364744159756288

Fuzzer: attekett_dom_fuzzer
Job Type: linux_cfi_chrome
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000040
Crash State:
  chrome
  blink::IsTabHTMLSpanElement
  blink::ApplyStyleCommand::RemoveCSSStyle

Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=523197:523221
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=531487:531495

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5364744159756288

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 25 2018
ClusterFuzz testcase 5364744159756288 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Jan 3 2018

Components: Blink>Editing>Command
Labels: M-65 Test-Predator-Wrong
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)