
Issue 813826

Starred by 5 users

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug




Stylesheets with data URI don't have cssRules available

Reported by lyk...@gmail.com, Feb 20 2018

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36

Steps to reproduce the problem:
1. Load the testcase

What is the expected behavior?
Alert with the number of CSS rules should appear.
Data URI is not protected by CORS. So the cssRules should be available.

What went wrong?
The field cssRules is not available. Access to it throws the exception:

Uncaught DOMException: Failed to read the 'cssRules' property from 'CSSStyleSheet': Cannot access rules

Interestingly, for the CORS-protected stylesheets cssRules is still accessible, although it's empty.

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 64.0.3282.167  Channel: stable
OS Version: OS X 10.13.3
Flash Version:
 
Attachment: bug.html (255 bytes)

Comment 1 by lyk...@gmail.com, Feb 20 2018

Update: This works in Firefox.
Labels: Needs-Triage-M64
Components: Blink>CSS
Labels: Triaged-ET M-66 FoundIn-66 Target-66 OS-Linux OS-Windows
Status: Untriaged (was: Unconfirmed)
Able to reproduce this issue on Mac 10.12.6, Win-10 and Ubuntu 14.04 using chrome reported version #64.0.3282.167 and latest canary #66.0.3350.0.
This is a non-regression issue as it is observed from M60 old builds. 

Hence, marking it as untriaged to get more inputs from dev team.

Thanks...!!
I think this may have been a regression with Chrome 64. My coworker was getting this error but I couldn't reproduce. But it turns out I was still using Chrome 63.0.3239.132. I was able to reproduce in Canary 66.0.3352.0.

When checking my version, my Chrome started updating to 64. After relaunching I can now reproduce the issue.

When looking at the stylesheets in Chrome 63, any that were from a different origin had a cssRules property but the value was null. Now in Chrome 64 the stylesheet doesn't have a cssRules property.
It looks like this change may have intentionally introduced this new behavior: https://bugs.chromium.org/p/chromium/issues/detail?id=775525&can=1&q=stylesheet%20rules&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified

If anyone has a suggestion for how to check that a stylesheet is in this state without a JS exception, please let me know. hasOwnProperty doesn't seem to work since cssRules and rules are inherited.
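
Added example (not part of the thread and not Chromium code): because `cssRules` is an inherited accessor, reading it inside a `try`/`catch` and matching on the `SecurityError` name is the way to probe a sheet. `MockSheet`, `readRules`, `partitionSheets` and the sample URLs are hypothetical names constructed for this sketch.

```javascript
// Constructed stand-in for CSSStyleSheet. As on the real interface, cssRules
// is a prototype accessor, so hasOwnProperty is false for every sheet.
class MockSheet {
  constructor(href, rules, readable) {
    Object.assign(this, { href, _rules: rules, _readable: readable });
  }
  get cssRules() {
    if (!this._readable) {
      // Chrome throws a DOMException; a plain Error with the same name keeps
      // this example runnable outside a browser.
      const err = new Error("Failed to read the 'cssRules' property");
      err.name = 'SecurityError';
      throw err;
    }
    return this._rules;
  }
}

// Returns the rule list, or null when access is refused. Covers both
// behaviours reported in the thread: a thrown SecurityError and a null value.
function readRules(sheet) {
  try {
    return sheet.cssRules;
  } catch (err) {
    if (err && err.name === 'SecurityError') return null;
    throw err; // anything else is a genuine bug, do not hide it
  }
}

// Split a styleSheets-like list into inspectable and blocked sheets.
function partitionSheets(sheets) {
  const readable = [];
  const blocked = [];
  for (const sheet of Array.from(sheets)) {
    const rules = readRules(sheet);
    if (rules === null) blocked.push(sheet.href);
    else readable.push({ href: sheet.href, count: rules.length });
  }
  return { readable, blocked };
}

// Constructed sample: a data: sheet (readable after the fix) and a
// cross-origin sheet loaded without CORS.
const sampleSheets = [
  new MockSheet('data:text/css,body{color:red}', ['body{color:red}'], true),
  new MockSheet('https://cdn.example/site.css', [], false),
];
```

In a browser, pass `document.styleSheets` to `partitionSheets` instead of the constructed sample.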

Comment 6 by e...@chromium.org, Feb 22 2018

Cc: futhark@chromium.org
Status: Available (was: Untriaged)

Comment 7 by cnardi@chromium.org, Mar 14 2018

It looks like this was already broken prior to https://crrev.com/520005. However, I'm not sure if this fix should be in simply checking if it's a data URL in CSSStyleSheet::CanAccessRules(), or in the checking of CORS restrictions at SecurityOrigin::CanRequest(). Probably the latter, but I haven't looked into the spec enough to determine.

Comment 8 by cnardi@chromium.org, Mar 14 2018

Owner: cnardi@chromium.org
Status: Started (was: Available)

Comment 9 by bugdroid1@chromium.org, Mar 16 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/aeb732660dec53fb17e3d87f78ef5a4fdb35f44f

commit aeb732660dec53fb17e3d87f78ef5a4fdb35f44f
Author: Chris Nardi <cnardi@chromium.org>
Date: Fri Mar 16 12:51:37 2018

Rename TaintsCanvas to CanAccessData and use in CSSStyleSheet

Since data URLs are same-origin, their CSSStyleSheet elements should be
accessible without throwing a SecurityError. TaintsCanvas had an
appropriate check for this, but was named incorrectly for this use
case. Rename TaintsCanvas to CanAccessData, reversing the boolean
condition, and use the new method in CSSStyleSheet::CanAccessRules.

Bug:  813826 
Change-Id: Ie49eecfca92af31f27a3584a64bf494083ef4742
Reviewed-on: https://chromium-review.googlesource.com/963401
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Chris Nardi <cnardi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543675}
[delete] https://crrev.com/80dec72ed8fb774d980f719cb1fe8a09406472c3/third_party/WebKit/LayoutTests/external/wpt/css/cssom/stylesheet-same-origin.sub-expected.txt
[modify] https://crrev.com/aeb732660dec53fb17e3d87f78ef5a4fdb35f44f/third_party/WebKit/Source/core/css/CSSStyleSheet.cpp
[modify] https://crrev.com/aeb732660dec53fb17e3d87f78ef5a4fdb35f44f/third_party/WebKit/Source/core/html/media/HTMLMediaElement.cpp
[modify] https://crrev.com/aeb732660dec53fb17e3d87f78ef5a4fdb35f44f/third_party/WebKit/Source/core/loader/resource/ImageResource.cpp
[modify] https://crrev.com/aeb732660dec53fb17e3d87f78ef5a4fdb35f44f/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
[modify] https://crrev.com/aeb732660dec53fb17e3d87f78ef5a4fdb35f44f/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h

Status: Fixed (was: Started)
