UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Steps to reproduce the problem:
1. Create an element of the `input` html tag
2. Set the type of the element to `file`
3. Append the element to the document body
4. Add event listener to it of type `change`
5. In the event handler function construct a FileReader
6. In `onload` event of the file reader call a promise
7. In the promise execute `setTimeout`
8. Now open the page and choose some file
9. Click `open`
10. Then chose file again
11. Instead of pressing `open`, drag the file into a new tab

What is the expected behavior?
A new tab should be opened with the given file. When you close the tab, everything should work normally.

What went wrong?
5% of times Windows crashes with BSOD
25% of times Chrome crashes (probably segfault)
70% of times Chrome becomes unresponsive and has to be killed from task manager

Tested on Windows 8.1 and on Windows 7 and able to reproduce the issue. I didn't experience BSOD on Windows 8.1, but Chrome becomes unresponsive and sometimes crashes with segfault. On Windows 7 it crashes too.

In case the steps provided are unclear, I'm uploading a sample file and a screencast. Hope it helps.

FWIW, it reproduces from version 63.0.3239.132 and above (not tested below that version).

Crashed report ID: 

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 67.0.3396.87  Channel: stable
OS Version: 7
Flash Version: /
 

Deleted: 1.zip 634 bytes

1.zip 634 bytes Download

Deleted: 1.mp4 8.7 MB

	1.mp4 8.7 MB View Download