chore: cherry-pick cf90db14f2 from chromium

[ppontes]

[M112] Fix ScopedObservation UaF in BubbleDialogDelegate::AnchorWidgetObserver

A ScopedObservation can outlive the aura::Window it observes, leading to
a use-after-free error in ~ScopedObservation(). The problem occurs in
BubbleDialogDelegate::AnchorWidgetObserver. This fix listens for
OnWindowDestroying() and resets the observation to prevent the UaF.

(cherry picked from commit 72bd6a1018548ee63a2ec06d6c7714d3a8cdf8a8)

Bug: 1423360
Change-Id: I742b4624b2664dea3fd97db7b399fcd15e45c8fe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4455016
Code-Coverage: Findit findit-for-me@appspot.gserviceaccount.com
Reviewed-by: Elly Fong-Jones ellyjones@chromium.org
Commit-Queue: Keren Zhu kerenzhu@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1133511}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4466947
Reviewed-by: Allen Bauer kylixrd@chromium.org
Cr-Commit-Position: refs/branch-heads/5615@{#1353}
Cr-Branched-From: 9c6408ef696e83a9936b82bbead3d41c93c82ee4-refs/heads/main@{#1109224}

Release Notes

Notes: Security: backported fix for 1423360.

[release-clerk]

Release Notes Persisted

Security: backported fix for 1423360.