See this Chromium bug (http://code.google.com/p/chromium/issues/detail?id=143937) for details. I investigated the crash and found that v8ExternalString() can return already disposed strings: class StringCache { v8::Local<v8::String> v8ExternalString(StringImpl* stringImpl, v8::Isolate* isolate) { if (m_lastStringImpl.get() == stringImpl) { ASSERT(!m_lastV8String.IsNearDeath()); ASSERT(!m_lastV8String.IsEmpty()); return v8::Local<v8::String>::New(m_lastV8String); // m_lastV8String might be already Disposed. } return v8ExternalStringSlow(stringImpl, isolate); } } I couldn't find why m_lastV8String can be prematurely disposed, but the following fix will solve the crash: class StringCache { v8::Local<v8::String> v8ExternalString(StringImpl* stringImpl, v8::Isolate* isolate) { if (m_lastStringImpl.get() == stringImpl && m_lastV8String.IsWeak()) return v8::Local<v8::String>::New(m_lastV8String); return v8ExternalStringSlow(stringImpl, isolate); } } Although the ideal fix might be to fix the root cause of the premature disposal, I think that the above fix is reasonable for safety. In fact, we've so far encountered crashes caused by premature disposals (e.g. r123500). The above fix will prevent future crashes caused by premature disposals.