This is a regression issue broken in “M-68” and providing per-revision bisect info below:

Good Build: 68.0.3427.0(Revision:557759)
Bad Build: 68.0.3428.0(Revision:558080)

You are probably looking for a change made after 558016 (known good), but no later than 558017 (first known bad).
CHANGE-LOG URL:
The script might not always return single CL as suspect as some perf builds might get missing due to failure.

https://chromium.googlesource.com/chromium/src/+log/718fd6c00a69d8b7a29959a8b5ea2b6c208fd78c..ca6c2430020fce00c74323bcb91c6bbaf66993e7

Suspect:https://chromium.googlesource.com/chromium/src/+/ca6c2430020fce00c74323bcb91c6bbaf66993e7

@Takumi Fujimoto :Could you please help to reassign if your change is not the cause for this change.

Note:Issue is only  reproducible on MAC(10.12.6,10.13.1,10.13.5) OS.

Kindly review the attached screen-cast .
Thank You!

Deleted: Actual_Result.mov 2.3 MB

	Actual_Result.mov 2.3 MB View Download

Deleted: Expected_Result.mov 2.1 MB

	Expected_Result.mov 2.1 MB View Download

Please find the stack trace for the crash id:
---------------------------------------------
Thread 0 (id: 63158) CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x0000037f ] MAGIC SIGNATURE THREAD
Stack Quality84%Show frame trust levels
0x0000000111c06a8f	(Google Chrome Framework -toolbar_view.h:108 )	media_router::MediaRouterDialogControllerViews::CreateMediaRouterDialog()
0x00000001115918bb	(Google Chrome Framework -media_router_dialog_controller.cc:176 )	media_router::MediaRouterDialogController::ShowMediaRouterDialog()
0x00000001119680b5	(Google Chrome Framework -browser_commands.cc:956 )	chrome::RouteMedia(Browser*)
0x0000000111964559	(Google Chrome Framework -browser_command_controller.cc:665 )	chrome::BrowserCommandController::ExecuteCommandWithDisposition(int, WindowOpenDisposition)
0x000000010fd334c8	(Google Chrome Framework -menu_controller.mm:292 )	-[MenuControllerCocoa itemSelected:]
0x00007fffccd733a6	(libsystem_trace.dylib + 0x000033a6 )	_os_activity_initiate_impl
0x00007fffb51ec720	(AppKit + 0x007c4720 )	-[NSApplication(NSResponder) sendAction:to:from:]
0x000000010ef6305a	(Google Chrome Framework -chrome_browser_application_mac.mm:291 )	__43-[BrowserCrApplication sendAction:to:from:]_block_invoke
0x000000010f31cd89	(Google Chrome Framework + 0x021a6d89 )	base::mac::CallWithEHFrame(void () block_pointer)
0x000000010ef62f54	(Google Chrome Framework -chrome_browser_application_mac.mm:290 )	-[BrowserCrApplication sendAction:to:from:]
0x00007fffb4cbf665	(AppKit + 0x00297665 )	-[NSMenuItem _corePerformAction]
0x00007fffb4cbf3d1	(AppKit + 0x002973d1 )	-[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:]
0x00007fffccd733a6	(libsystem_trace.dylib + 0x000033a6 )	_os_activity_initiate_impl
0x00007fffb4d48954	(AppKit + 0x00320954 )	-[NSMenu performActionForItemAtIndex:]
0x00007fffb4d488cb	(AppKit + 0x003208cb )	-[NSMenu _internalPerformActionForItemAtIndex:]
0x00007fffb4d486f8	(AppKit + 0x003206f8 )	-[NSCarbonMenuImpl _carbonCommandProcessEvent:handlerCallRef:]
0x00007fffb4bff57f	(AppKit + 0x001d757f )	NSSLMMenuEventHandler
0x00007fffb64add84	(HIToolbox + 0x00008d84 )	DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*)
0x00007fffb64acff5	(HIToolbox + 0x00007ff5 )	SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*)
0x00007fffb64c2d13	(HIToolbox + 0x0001dd13 )	SendEventToEventTarget
0x00007fffb650f3e5	(HIToolbox + 0x0006a3e5 )	SendHICommandEvent(unsigned int, HICommand const*, unsigned int, unsigned int, unsigned char, void const*, OpaqueEventTargetRef*, OpaqueEventTargetRef*, OpaqueEventRef**)
0x00007fffb653a9fa	(HIToolbox + 0x000959fa )	SendMenuCommandWithContextAndModifiers
0x00007fffb653a9a9	(HIToolbox + 0x000959a9 )	SendMenuItemSelectedEvent
0x00007fffb653a87c	(HIToolbox + 0x0009587c )	FinishMenuSelection(SelectionData*, MenuResult*, MenuResult*)
0x00007fffb6519b6a	(HIToolbox + 0x00074b6a )	PopUpMenuSelectCore(MenuData*, Point, double, Point, unsigned short, unsigned int, Rect const*, unsigned short, unsigned int, Rect const*, Rect const*, __CFDictionary const*, __CFString const*, OpaqueMenuRef**, unsigned short*)
0x00007fffb6518bd2	(HIToolbox + 0x00073bd2 )	_HandlePopUpMenuSelection8(OpaqueMenuRef*, OpaqueEventRef*, unsigned int, Point, unsigned short, unsigned int, Rect const*, unsigned short, Rect const*, Rect const*, __CFDictionary const*, __CFString const*, OpaqueMenuRef**, unsigned short*)
0x00007fffb65187aa	(HIToolbox + 0x000737aa )	_HandlePopUpMenuSelectionWithDictionary
0x00007fffb4d3f5a6	(AppKit + 0x003175a6 )	_NSSLMPopUpCarbonMenu3
0x00007fffb4d3dca2	(AppKit + 0x00315ca2 )	-[NSCarbonMenuImpl popUpMenu:atLocation:width:forView:withSelectedItem:withFont:withFlags:withOptions:]
0x00007fffb4db93a4	(AppKit + 0x003913a4 )	-[NSPopUpButtonCell trackMouse:inRect:ofView:untilMouseUp:]
0x00007fffb4e3496e	(AppKit + 0x0040c96e )	-[NSPopUpButtonCell performClickWithFrame:inView:]
0x0000000111af7626	(Google Chrome Framework -menu_button.mm:198 )	-[MenuButton(Private) showMenu:]
0x00007fffccd733a6	(libsystem_trace.dylib + 0x000033a6 )	_os_activity_initiate_impl
0x00007fffb51ec720	(AppKit + 0x007c4720 )	-[NSApplication(NSResponder) sendAction:to:from:]
0x000000010ef6305a	(Google Chrome Framework -chrome_browser_application_mac.mm:291 )	__43-[BrowserCrApplication sendAction:to:from:]_block_invoke
0x000000010f31cd89	(Google Chrome Framework + 0x021a6d89 )	base::mac::CallWithEHFrame(void () block_pointer)
0x000000010ef62f54	(Google Chrome Framework -chrome_browser_application_mac.mm:290 )	-[BrowserCrApplication sendAction:to:from:]
0x00007fffb4cd0cc3	(AppKit + 0x002a8cc3 )	-[NSControl sendAction:to:]
0x0000000111aaa6a0	(Google Chrome Framework -clickhold_button_cell.mm:168 )	-[ClickHoldButtonCell trackMouse:inRect:ofView:untilMouseUp:]
0x00007fffb4ccddda	(AppKit + 0x002a5dda )	-[NSControl mouseDown:]
0x00007fffb536824e	(AppKit + 0x0094024e )	-[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:]
0x00007fffb5364a6b	(AppKit + 0x0093ca6b )	-[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:]
0x00007fffb5363f09	(AppKit + 0x0093bf09 )	-[NSWindow(NSEventRouting) sendEvent:]
0x0000000111aa9f9e	(Google Chrome Framework -chrome_event_processing_window.mm:78 )	-[ChromeEventProcessingWindow sendEvent:]
0x00007fffb51e8680	(AppKit + 0x007c0680 )	-[NSApplication(NSEvent) sendEvent:]
0x000000010ef637eb	(Google Chrome Framework -chrome_browser_application_mac.mm:328 )	__34-[BrowserCrApplication sendEvent:]_block_invoke
0x000000010f31cd89	(Google Chrome Framework + 0x021a6d89 )	base::mac::CallWithEHFrame(void () block_pointer)
0x000000010ef63496	(Google Chrome Framework -chrome_browser_application_mac.mm:311 )	-[BrowserCrApplication sendEvent:]
0x00007fffb4a63426	(AppKit + 0x0003b426 )	-[NSApplication run]
0x000000010f32ca4b	(Google Chrome Framework -message_pump_mac.mm:808 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x000000010f32b5ad	(Google Chrome Framework -message_pump_mac.mm:184 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x000000010f34e674	(Google Chrome Framework -run_loop.cc:102 )	<name omitted>
0x000000010ef696b7	(Google Chrome Framework -chrome_browser_main.cc:2146 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x000000010dc20203	(Google Chrome Framework -browser_main_loop.cc:977 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x000000010dc226f1	(Google Chrome Framework -browser_main_runner_impl.cc:169 )	content::BrowserMainRunnerImpl::Run()
0x000000010dc1cd3a	(Google Chrome Framework -browser_main.cc:51 )	content::BrowserMain(content::MainFunctionParams const&, std::__1::unique_ptr<content::BrowserProcessSubThread, std::__1::default_delete<content::BrowserProcessSubThread> >)
0x000000010ef1d276	(Google Chrome Framework -content_main_runner_impl.cc:620 )	content::ContentMainRunnerImpl::Run()
0x00000001107c8623	(Google Chrome Framework -main.cc:459 )	service_manager::Main(service_manager::MainParams const&)
0x000000010ef1c2f3	(Google Chrome Framework -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const&)
0x000000010d179e72	(Google Chrome Framework -chrome_main.cc:101 )	ChromeMain
0x000000010cfd0dd4	(Google Chrome -chrome_exe_main_mac.cc:165 )	main
0x00007fffccb41234	(libdyld.dylib + 0x00005234 )	start
0x00007fffccb41234	(libdyld.dylib + 0x00005234 )	start

marking as RBS, please change if required

Shruti, would you mind checking whether this is reproducible with both views-browser-windows and views-cast-dialog flags enabled?

Setting the target milestone to M69 because the flag won't be enabled until then.

Update 
With respect to comment#4:
Enabled both the flags 'views-browser-windows' and 'views-cast-dialog'.Issue is not reproducible.
Issue is only reproducible when 'views-cast-dialog' Flags is enabled.i.e browser get crashed after enabling 'views-cast-dialog' flag.
Attaching screen-cast for your reference please look forward to it.

Deleted: Canary_Behaviour#69.0.3442.0.mov 2.3 MB

	Canary_Behaviour#69.0.3442.0.mov 2.3 MB View Download

We won't enable views-cast-dialog until views-browser-windows is enabled, so this shouldn't be an actual issue. But I'll land a CL to fall back to the WebUI dialog if views-browser-windows is disabled.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/541e5e246b6354e2a1cb6c9f5527cf77ea9688c7

commit 541e5e246b6354e2a1cb6c9f5527cf77ea9688c7
Author: Takumi Fujimoto <takumif@chromium.org>
Date: Wed May 30 00:46:31 2018

Fall back to WebUI Cast dialog on Mac if Cocoa UI is enabled

On Mac, the Harmony Cast dialog crashes if Cocoa UI is used (i.e.
views-browser-windows is disabled) instead of Views. So we fall back to
the WebUI dialog in such cases.

Bug:  846602 
Change-Id: I65b4284be406b63748445edd0e37e08bd59dfbe7
Reviewed-on: https://chromium-review.googlesource.com/1077082
Reviewed-by: Adam Parker <amp@chromium.org>
Commit-Queue: Takumi Fujimoto <takumif@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562676}
[modify] https://crrev.com/541e5e246b6354e2a1cb6c9f5527cf77ea9688c7/chrome/browser/flag_descriptions.cc
[modify] https://crrev.com/541e5e246b6354e2a1cb6c9f5527cf77ea9688c7/chrome/browser/ui/views/media_router/media_router_dialog_controller_views.cc

Update : 
Retested above issue on Mac(10.12.6,10.13.1,10.13.5) OS using latest Canary #69.0.3445.0 and issue is fixed.Browser does not get crash after clicking on cast from wrench menu ,when 'Views Cast dialog' flag is enabled.Kindly review the attached screen-cast.

Thank you!

Deleted: Canary_Behaviour#69.0.3445.0.mov 2.7 MB

	Canary_Behaviour#69.0.3445.0.mov 2.7 MB View Download