After rolling WebKit in chromium (r87979:r88005), we started seeing some crashes in HTMLElement::ieForbidsInsertHTML. Full details: http://code.google.com/p/chromium/issues/detail?id=84872 Higher up in the call stack, there are something related to SVG, which may be causing this? chrome_25a0000!WebCore::StyleElement::sheetLoaded+0x26 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\styleelement.cpp @ 182] chrome_25a0000!WebCore::SVGStyleElement::sheetLoaded+0xc [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\svg\svgstyleelement.h @ 61] chrome_25a0000!WebCore::CSSStyleSheet::checkLoaded+0x30 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\css\cssstylesheet.cpp @ 230] chrome_25a0000!WebCore::StyleElement::createSheet+0x2f0 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\styleelement.cpp @ 166] chrome_25a0000!WebCore::StyleElement::process+0x18f [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\styleelement.cpp @ 134] chrome_25a0000!WebCore::StyleElement::insertedIntoDocument+0x25 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\styleelement.cpp @ 67] chrome_25a0000!WebCore::SVGStyleElement::insertedIntoDocument+0x15 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\svg\svgstyleelement.cpp @ 127]
According to a comment in bug 62109, this is a duplicate of bug 62116.
*** This bug has been marked as a duplicate of bug 62116 ***