Canvas image data is blocked from chrome (such as NoScript's ClearClick)
Something about how Chrome callers (especially NoScript) can create canvases can leave them without any window or context for their owner document for ThirdPartyUtil::GetFirstPartyURI(). In #7128 (closed), we just hacked the GetFirstPartyURI call to return failure, which in turn should block permissions to the canvas.
However, the ideal solution is probably to either check IsChrome() or otherwise find some way to exempt NoScript.
It's possible that we break NoScript's ClearClick protections because of this issue.