In WebFrame::loadDidCommitInAnotherProcess, the new RemoteFrame was seeded with the dying LocalFrame's FrameTreeSyncData, whose frameDocumentSecurityOrigin reflects the pre-swap document -- not the cross-origin document the frame is navigating to. The post-commit FrameTreeSyncDataChangedInAnotherProcess IPC arrives shortly to refresh this, but any task that queries the remote window in the meantime (e.g. a BroadcastChannel dispatch fired from pagehide) can observe a cached origin that spuriously matches the active document. BindingSecurity correctly denies the access (the target is remote), but DOMWindow::crossDomainAccessErrorMessage then asserts that active and target origins are not same-origin-domain, which flakily crashes the http/tests/site-isolation/page-lifecycle/{pagehide,pageswap,unload}.html tests. Seed the new RemoteFrame with an empty FrameTreeSyncData (opaque origin) instead, matching the pattern already used by WebFrame::createSubframe and WebFrameProxy::remoteProcessDidTerminate. The post-commit broadcast still arrives via the same IPC connection and supplies the real new values; until then, opaque is an honest "unknown" placeholder that never compares same-origin.