Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.".
Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.
Taking the freedom to also mail firstname.lastname@example.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.