[Backport] Security bug 1506535

Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/5146875:
[M120 merge] Speculative fix for UAF in content::WebContentsImpl::ExitFullscreenMode

(cherry picked from commit c1cda70a433a0c625b280eb88ed6ff4f4feffa12)

Bug: 1506535, 854815
Change-Id: Iace64d63f8cea2dbfbc761ad233db42451ec101c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5146875
Commit-Queue: John Abd-El-Malek <[email protected]>
Auto-Submit: Mike Wasserman <[email protected]>
Reviewed-by: John Abd-El-Malek <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1240353}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5178801
Cr-Commit-Position: refs/branch-heads/6099@{#1727}
Cr-Branched-From: e6ee4500f7d6549a9ac1354f8d056da49ef406be-refs/heads/main@{#1217362}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/532058
Reviewed-by: Allan Sandfeld Jensen <[email protected]>

Author: Mike Wasserman

chromium/content/browser/web_contents/web_contents_impl.cc

@@ -3504,7 +3504,12 @@ void WebContentsImpl::ExitFullscreenMode(bool will_cause_resize) {
   OPTIONAL_TRACE_EVENT1("content", "WebContentsImpl::ExitFullscreenMode",
                         "will_cause_resize", will_cause_resize);
   if (delegate_) {
+    // This may spin the message loop and destroy this object crbug.com/1506535
+    base::WeakPtr<WebContentsImpl> weak_ptr = weak_factory_.GetWeakPtr();
     delegate_->ExitFullscreenModeForTab(this);
+    if (!weak_ptr) {
+      return;
+    }
 
     if (keyboard_lock_widget_)
       delegate_->CancelKeyboardLockRequest(this);