Created attachment 71326 [details] Test case See attached test case. Mousing over the red area (which is the border on the <object> tag) results in a crash with the stack trace : *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_EXEC @ 0x000000bc ) chromeclientimpl.cpp:600] WebKit::ChromeClientImpl::mouseDidMoveOverElement(WebCore::HitTestResult const &,unsigned int) chrome.cpp:333] WebCore::Chrome::mouseDidMoveOverElement(WebCore::HitTestResult const &,unsigned int) eventhandler.cpp:1399] WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const &) webviewimpl.cpp:351] WebKit::WebViewImpl::mouseMove(WebKit::WebMouseEvent const &) webviewimpl.cpp:1101] WebKit::WebViewImpl::handleInputEvent(WebKit::WebInputEvent const &) http://trac.webkit.org/changeset/69154 touched the line that crashes in ChromeClientImpl::mouseDidMoveOverElement, so it's a likely culprit. (Originally reported as http://crbug.com/58803)
*** This bug has been marked as a duplicate of bug 47956 ***