Issue 802954


Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug-Security




Read cookies from cross-domain frame

Reported by xiaopig...@gmail.com, Jan 17 2018

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Steps to reproduce the problem:
1. vim poc.html

<iframe src="http://test.com:8843/" onload="alert(document.cookie)">

You need to visit http: //ip/poc.html (poc.html on the server)

you can look at 1.png

and then you can see that Safari is not domain and cookie

What is the expected behavior?

What went wrong?
Read cookies

Did this work before? N/A 

Chrome version: 63.0.3239.132  Channel: stable
OS Version: OS X 10.13.0
Flash Version:
 
This appears to be a re-filing of  Issue 802157 . Can you explain why you believe this issue is now reproducible?
Components: Blink>SecurityFeature>SameOriginPolicy
If you can reliably reproduce this, please visit chrome://version on the affected machine and copy/paste all of the information from that page into a comment on this bug.
I was wrong at https://bugs.chromium.org/p/chromium/issues/detail?id=802157 poc

chrome://version/ :

Google Chrome	63.0.3239.132 (正式版本) (64 位)
Revision	2e6edcfee630baa3775f37cb11796b1603a64360-refs/branch-heads/3239@{#709}
operating system Mac OS X
JavaScript	V8 6.3.292.49
Flash	28.0.0.137 /Users/xxxxx/Library/Application Support/Google/Chrome/PepperFlash/28.0.0.137/PepperFlashPlayer.plugin

Google Inc.
版权所有2018 Google Inc. 保留所有权利。
Google Chrome	63.0.3239.132 (正式版本) (64 位)
修订版本	2e6edcfee630baa3775f37cb11796b1603a64360-refs/branch-heads/3239@{#709}
操作系统	Mac OS X
JavaScript	V8 6.3.292.49
Flash	28.0.0.137 /Users/yongshao/Library/Application Support/Google/Chrome/PepperFlash/28.0.0.137/PepperFlashPlayer.plugin
用户代理	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
命令行	/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --flag-switches-begin --flag-switches-end
可执行文件路径	/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
个人资料路径	/Users/yongshao/Library/Application Support/Google/Chrome/Default
其他变体	c134752e-b8b72c88
Why do you believe this to be a security bug?

The attribute 

    onload="alert(document.cookie)"

...instructs the browser to show the cookie of the current webpage (that is to say, the outer frame) when the document in the IFRAME finishes loading. There is no security flaw in allowing the outer web page to access its own cookies.

Test page https://whytls.com/test/cookieframe.html
But in Safari alert(domain) is null
RE #6: That implies that, in Safari, you haven't visited any pages on the outer page's domain that set cookies. 

To help clarify your repro, consider adding the following to the HTML:

<span id=thisDoc></span>
<script>
document.getElementById("thisDoc").textContent="Cookies in this document: " + document.cookie;
</script>

Then, when you load your repro, see if the alert dialog contains the same cookies as the text on the page. If so, that's a clear indication that the first-party page is simply accessing its own cookies.
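An added test page, not from this thread or the whytls.com test page, that performs the comparison suggested above and additionally tries to read the framed document's own cookies. The frame URL is a placeholder for any origin that differs from the page's own, and the page must be served over HTTP(S) rather than opened from file:// so that the outer document actually has cookies.

```html
<!doctype html>
<meta charset="utf-8">
<title>Whose cookies does an iframe onload handler read?</title>
<!-- Constructed test page. Replace the src with any cross-origin URL. -->
<iframe id="f" src="https://cross-origin.example/" onload="report(this)"></iframe>
<pre id="out"></pre>
<script>
  function log(line) {
    document.getElementById("out").textContent += line + "\n";
  }

  // Set a marker cookie on the outer page so the comparison is meaningful
  // even on a host that has no other cookies yet.
  document.cookie = "outerMarker=1; path=/";

  function report(frame) {
    // 1. The onload attribute runs in THIS document's realm, so `document`
    //    is the outer page, exactly as the alert() in the report does.
    log("Outer document origin: " + location.origin);
    log("document.cookie seen by the handler: " + JSON.stringify(document.cookie));

    // 2. Now try to reach the framed document itself. Cross-origin, the
    //    browser returns null for contentDocument and throws a SecurityError
    //    for contentWindow.document; same-origin, both succeed.
    let framedCookie;
    try {
      const doc = frame.contentDocument || frame.contentWindow.document;
      framedCookie = JSON.stringify(doc.cookie);
    } catch (e) {
      framedCookie = "blocked by the same-origin policy (" + e.name + ")";
    }
    log("Framed document's cookie: " + framedCookie);
  }
</script>
```

If the first line shows outerMarker=1 and the second shows the SecurityError, the handler was only ever reading the first-party page's cookies; point the src at a same-origin URL to see both lines agree.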

Cc: elawrence@chromium.org
Status: WontFix (was: Unconfirmed)
Please feel free to reply if you find anything unexpected in verifying using the debugging step in #7.
Project Member

Comment 9 by sheriffbot@chromium.org, Apr 27 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
