We no longer reject notification image resources passed from the renderer if they exceed a maximum size

Issue description

https://cs.chromium.org/chromium/src/content/browser/notifications/blink_notification_service_impl.cc?l=174&rcl=3e817cb44df3420e9494e2a36d85179a8f336dbf - Prior to mojofication we rejected notifications if the image resources passed from the renderer were larger than the size they should have been scaled down to in the renderer process: https://chromium.googlesource.com/chromium/src/+/47084bae2a1755b4107436d9f7f01aea72557a31/content/browser/notifications/notification_message_filter.cc#54 - This validation no longer appears to take place, so potentially a compromised renderer could pass very large images and cause an OOM.
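The browser-side check the issue describes, as an added example that is not Chromium's own code: every resource slot is re-validated against the dimensions the renderer was supposed to scale to, and the bundle is held to a memory budget so a renderer that skipped scaling cannot force a large allocation. Struct names, limits and the budget are placeholders, not Chromium's constants.

```cpp
// Added example, not Chromium's code: browser-side validation of notification
// image resources received from a renderer. All names and limits are placeholders.
#include <cstdint>
#include <limits>
#include <vector>

struct ImageInfo {  // hypothetical stand-in for a decoded bitmap's header
  uint32_t width = 0;
  uint32_t height = 0;
};

struct NotificationResources {  // hypothetical resource bundle from the renderer
  ImageInfo image, icon, badge;
  std::vector<ImageInfo> action_icons;
};

// Placeholder limits: the size each resource should already have been scaled
// down to in the renderer. A compromised renderer can skip that scaling, so the
// browser must re-check instead of trusting it.
constexpr uint32_t kMaxImageWidthPx = 1800, kMaxImageHeightPx = 900;
constexpr uint32_t kMaxIconPx = 320, kMaxBadgePx = 96, kMaxActionIconPx = 128;
constexpr uint64_t kMaxTotalBytes = 32u * 1024 * 1024;  // budget for all slots

// Bytes a 4-byte-per-pixel bitmap of this size would occupy. width*height always
// fits in 64 bits for 32-bit inputs; the *4 may not, so saturate rather than wrap.
uint64_t ImageBytes(const ImageInfo& img) {
  uint64_t pixels = static_cast<uint64_t>(img.width) * img.height;
  if (pixels > std::numeric_limits<uint64_t>::max() / 4)
    return std::numeric_limits<uint64_t>::max();
  return pixels * 4;
}

bool WithinLimits(const ImageInfo& img, uint32_t max_w, uint32_t max_h) {
  return img.width <= max_w && img.height <= max_h;
}

// True only if every slot is within its dimension limit and the bundle as a
// whole stays under the memory budget. A false result is where the browser
// should drop the notification and treat the message as a bad IPC.
bool ValidateNotificationResources(const NotificationResources& r) {
  if (!WithinLimits(r.image, kMaxImageWidthPx, kMaxImageHeightPx)) return false;
  if (!WithinLimits(r.icon, kMaxIconPx, kMaxIconPx)) return false;
  if (!WithinLimits(r.badge, kMaxBadgePx, kMaxBadgePx)) return false;
  uint64_t total = ImageBytes(r.image) + ImageBytes(r.icon) + ImageBytes(r.badge);
  for (const ImageInfo& a : r.action_icons) {
    if (!WithinLimits(a, kMaxActionIconPx, kMaxActionIconPx)) return false;
    total += ImageBytes(a);  // the icon count is renderer-controlled; budget caps it
  }
  return total <= kMaxTotalBytes;
}
```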
Comment 1 by jbanavatu@chromium.org, Nov 16