The frameHandle argument is optional in evaluateJavaScriptFunction(); when it is not provided, we pass 0 to the web process. Then, the proxy gets the web page main frame when the received frame ID is 0, but the given frameID is still used as the key of m_webFramePendingEvaluateJavaScriptCallbacksMap and also passed to the JavaScript function as an argument. I think r203442 was actually a workaround to this bug, making it even more hidden. m_webFrameScriptObjectMap and m_webFramePendingEvaluateJavaScriptCallbacksMap should never have 0 as a key, since they always use a frame ID and the frame identifier counter starts at 1. This is causing the test testShouldDetectPageLoadsWhileWaitingOnAnAsyncScriptAndReturnAnError to hang, because when the page is unloaded and didClearWindowObjectForFrame is called, we try to get the pending callbacks of frame 1, but they were stored as frame 0, so the DidEvaluateJavaScriptFunction message is never sent to the UI process.
Created attachment 315789 Patch
<rdar://problem/33387829>
Comment on attachment 315789 Patch
r=me Great catch!
Committed r219649: <http://trac.webkit.org/changeset/219649>
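The key mismatch described in the report, as an added example that is not WebKit code and not the committed patch: a simplified model in which `ProxyModel`, `resolve`, `strandedAfterUnload` and `kMainFrameID` are hypothetical names, the main frame is assumed to have ID 1, and keying by the resolved frame ID is an assumed remedy.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

// Simplified model, not WebKit code. Frame IDs start at 1; 0 means
// "no frameHandle was supplied" and must be resolved to the main frame.
constexpr uint64_t kMainFrameID = 1; // assumption: main frame is frame 1

struct ProxyModel {
    bool normalizeKey; // false: behaviour in the report; true: key by resolved ID
    std::map<uint64_t, std::vector<uint64_t>> pendingCallbacks; // frameID -> callback IDs
    std::vector<uint64_t> completed; // callbacks that received a reply

    static uint64_t resolve(uint64_t frameID) { return frameID ? frameID : kMainFrameID; }

    // The script always runs in resolve(frameID); only the map key differs.
    void evaluate(uint64_t frameID, uint64_t callbackID) {
        uint64_t key = normalizeKey ? resolve(frameID) : frameID;
        pendingCallbacks[key].push_back(callbackID);
    }

    // Page unload: reply to every callback pending for the cleared frame.
    void didClearWindowObjectForFrame(uint64_t realFrameID) {
        auto it = pendingCallbacks.find(realFrameID);
        if (it == pendingCallbacks.end())
            return; // nothing stored under the real ID, so no reply is sent
        for (uint64_t id : it->second)
            completed.push_back(id);
        pendingCallbacks.erase(it);
    }

    size_t stranded() const {
        size_t n = 0;
        for (const auto& entry : pendingCallbacks)
            n += entry.second.size();
        return n;
    }
};

// One async script started without a frameHandle, then the page unloads.
size_t strandedAfterUnload(bool normalizeKey) {
    ProxyModel proxy{normalizeKey, {}, {}};
    proxy.evaluate(0, 42); // constructed callback ID
    proxy.didClearWindowObjectForFrame(kMainFrameID);
    return proxy.stranded();
}

int main() {
    std::printf("keyed by given ID: %zu stranded\n", strandedAfterUnload(false));
    std::printf("keyed by resolved ID: %zu stranded\n", strandedAfterUnload(true));
}
```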