RESOLVED FIXED 305728
Safari crashes in WebPreferences::platformGetUInt32UserValueForKey due to checked_objc_cast type assertion failure
https://bugs.webkit.org/show_bug.cgi?id=305728
David Kilzer (:ddkilzer)
Reported 2026-01-18 10:37:49 PST
Safari crashes during startup when WebKit preferences contain a type mismatch in NSUserDefaults. The crash occurs in WebKit::WebPreferences::platformGetUInt32UserValueForKey() when checked_objc_cast<NSNumber>() receives a non-NSNumber object (such as NSString) from NSUserDefaults for a UInt32 preference.

Root Cause:
The code uses checked_objc_cast<NSNumber>() which crashes with RELEASE_ASSERT_WITH_SECURITY_IMPLICATION on type mismatch, rather than gracefully handling corrupted or incompatible preference data.

Crash Details:
- Exception: EXC_BREAKPOINT (SIGKILL) - intentional crash from assertion failure
- Location: Source/WebKit/UIProcess/Cocoa/WebPreferencesCocoa.mm in platformGetUInt32UserValueForKey
- Trigger: User has WebKit preference stored as wrong type in NSUserDefaults

Stack Trace:
    WTFCrashWithInfo()
    checked_objc_cast<NSNumber>()
    WebPreferences::platformGetUInt32UserValueForKey()
    WebPreferences::platformInitializeStore()
    [Safari startup]

Proposed Fix:
Replace checked_objc_cast<NSNumber>() with dynamic_objc_cast<NSNumber>() in WebPreferencesCocoa.mm. This matches the error handling used by platformGetBoolUserValueForKey() and platformGetDoubleUserValueForKey() which use safe respondsToSelector: checks.

Test Coverage:
Added test WKPreferences.UInt32TypeMismatchDoesNotCrash in TestWebKitAPI that:
1. Swizzles NSUserDefaults to return NSString instead of NSNumber
2. Triggers WebPreferences initialization via WKWebView creation
3. Verifies no crash occurs (test fails before fix, passes after)

Impact:
Affects Safari users who have corrupted WebKit preferences in NSUserDefaults, causing immediate crash on startup. The fix ensures graceful degradation by ignoring malformed preference values.

rdar://168370261
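An added illustration (not WebKit's code and not part of the bug report) of the tolerant read the proposed fix describes, written against Foundation only. The helper name, suite name and keys are hypothetical, and the stored values are constructed sample data.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper, not WebKit's implementation. Returns YES and fills
// *outValue only when the stored object really is an NSNumber. A missing key
// or a value of any other type is reported as "no user value" instead of
// asserting, so the caller keeps its built-in default.
static BOOL ReadUInt32Preference(NSUserDefaults *defaults, NSString *key, uint32_t *outValue)
{
    id object = [defaults objectForKey:key];
    if (![object isKindOfClass:[NSNumber class]])
        return NO; // nil or wrong type: ignore the malformed value
    *outValue = [(NSNumber *)object unsignedIntValue];
    return YES;
}

int main(void)
{
    @autoreleasepool {
        // Constructed data in a throwaway suite, not Safari's real domain.
        NSString *suite = @"example.prefs.typecheck";
        NSUserDefaults *defaults = [[NSUserDefaults alloc] initWithSuiteName:suite];
        [defaults setObject:@42 forKey:@"GoodUInt32"];
        [defaults setObject:@"forty-two" forKey:@"BadUInt32"]; // NSString where a number is expected

        for (NSString *key in @[@"GoodUInt32", @"BadUInt32", @"MissingUInt32"]) {
            uint32_t value = 7; // stand-in for the preference's built-in default
            BOOL found = ReadUInt32Preference(defaults, key, &value);
            NSLog(@"%@ -> found=%d value=%u", key, found, value);
        }

        // Remove the sample suite so the example leaves nothing behind.
        [defaults removePersistentDomainForName:suite];
    }
    return 0;
}
```

Only the NSNumber entry is accepted; the NSString and the missing key both fall through to the default, which is the graceful degradation the report asks for.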
David Kilzer (:ddkilzer)
Comment 1 2026-01-18 10:44:07 PST
EWS
Comment 2 2026-01-19 21:36:04 PST
Committed 305850@main (9bb29113a20a): <https://commits.webkit.org/305850@main> Reviewed commits have been landed. Closing PR #56791 and removing active labels.