A double-release of a CFURLConnectionRef was identified in one of the WebDownload::init methods: CFURLConnectionRef connection = handle->connection(); … m_download = adoptCF(CFURLDownloadCreateAndStartWithLoadingConnection(0, connection, request.cfURLRequest(UpdateHTTPBody), response.cfURLResponse(), &client)); … // The CFURLDownload either starts successfully and retains the CFURLConnection, // or it fails to creating and we have a now-useless connection with a dangling ref. // Either way, we need to release the connection to balance out ref counts handle->releaseConnectionForDownload(); CFRelease(connection); The last line, the call to CFRelease(connection), is wrong and should be removed, because ResourceHandle::connection() just does d->m_connection.get() CFURLDownloadCreateAndStartWithLoadingConnection() can retain the connection per the comment, while ResourceHandle:: releaseConnectionForDownload() lets go of the connection. But then we release the connection via the raw pointer we stole from the ResourceHandle, as if we thought ResourceHandle::connection() returned a retained connection!