`about:blank` is not mixed content.

third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

Index: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
index 9f5c405b19b429bfbfdcc44b7c46ad467ea10989..7e93384f0b99cea593cc969970e56594e8cf159b 100644
--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
@@ -89,8 +89,10 @@ bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K
         return false;
 
     // |url| is mixed content if its origin is not potentially trustworthy, and
-    // its protocol is not 'data'.
-    bool isAllowed = url.protocolIsData() || SecurityOrigin::create(url)->isPotentiallyTrustworthy();
+    // its protocol is not 'data'. We do a quick check against `SecurityOrigin::isSecure`
+    // to catch things like `about:blank`, which cannot be sanely passed into
+    // `SecurityOrigin::create` (as their origin depends on their context).
+    bool isAllowed = url.protocolIsData() || SecurityOrigin::isSecure(url) || SecurityOrigin::create(url)->isPotentiallyTrustworthy();
     // TODO(mkwst): Remove this once 'localhost' is no longer considered potentially trustworthy:
     if (isAllowed && url.protocolIs("http") && url.host() == "localhost")

[Yoav Weiss, 2016/07/04 09:02:36]

unrelated to current change, but IIUC "127.0.0.1" is considered potentially
trustworthy while localhost is not. Is that correct? If so, just out of
curiosity, why?

         isAllowed = false;