I was hitting a similar problem trying to run Chromium headless in an Alpine Docker container, and apparently so are many other (e.g., here, here). The --no-sandbox option is a straightforward workaround but obviously a poor security practice. What worked for me was setting a custom seccomp.
Download this file (if interested, see the author’s notes here). Then pass the option --security-opt seccomp=path/to/chrome.json when starting Docker, or specify the same option in your docker-compose.yml if you’re using one.