I have an idea for how bug 1479960 might be related: one its side effects was applying the changes from bug 1565744 to all shared memory. It doesn't seem to be necessary if the memory isn't meant to be frozen, but Chrome applies it to everything, and in theory it shouldn't hurt.
Concretely, shared memory now has an empty DACL instead of none (deny all instead of allow all), and on Win7 (but not 8.1 or 10) it gives them randomly generated names to work around a bug/feature where the security attributes would be ignored. So, there could be some side effect from those metadata changes, or maybe this is a failure to get entropy for the object name — I was originally going to crash for that, but I was advised during code review to just fail the allocation.
There's still something missing, because this doesn't reproduce on Win7 on Try. But I could try landing a patch to turn off the security changes for normal shared memory and see if the crash reports stop.