[Bug] WebView2 crashes on Korean IME composition when input loses focus - RenderWidgetHostViewAura::InsertText

[workaholic]

[Bug] WebView2 crashes on Korean IME composition when input loses focus - RenderWidgetHostViewAura::InsertText

Description
Environment:
WebView2 Runtime Version: 143.0.3650.96
OS: Windows 10/11
Framework: .NET MAUI 9.0 (HybridWebView)
Target: net9.0-windows10.0.19041.0

Problem:
WebView2 crashes when Korean IME (Input Method Editor) composition is in progress and the input field loses focus. The crash occurs in RenderWidgetHostViewAura::InsertText.

Reproduction Steps:
Create a MAUI app with HybridWebView containing a <textarea> or element
Type Korean characters (e.g., start typing "하" which requires composing ㅎ + ㅏ)
While still in composition state (before pressing Space or Enter to commit), click a button outside the input field
WebView2 crashes immediately
WinDbg Analysis:
FAILURE_BUCKET_ID: BREAKPOINT_80000003_msedge.dll!content::RenderWidgetHostViewAura::InsertText

EXCEPTION_RECORD:
ExceptionAddress: 00007ffea89fcd4a (msedge!content::RenderWidgetHostViewAura::InsertText+0xda)
ExceptionCode: 80000003 (Break instruction exception)

STACK_TEXT:
msedge!content::RenderWidgetHostViewAura::InsertText+0xda
msedge!embedded_browser_text_input::mojom::TextInputClientWebViewStubDispatch::Accept+0x19c
msedge!mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept+0x177
Root Cause Analysis: The crash appears to be a race condition in Chromium's IME handling:
User is composing Korean characters (IME active)
Button click causes focus to move away from input
Focus loss triggers compositionend
Simultaneously, button event is processed
InsertText is called in an invalid state
Chromium hits an assertion failure (STATUS_BREAKPOINT)
Attempted Workarounds (none worked):
--disable-features=ImeThread
--disable-features=TSFImeSupport
--disable-threaded-compositing (breaks rendering)
--in-process-gpu

Various combinations of the above

Current Workaround:
JavaScript-level prevention using mousedown + preventDefault() on buttons to prevent focus loss during IME composition.

Expected Behavior:
WebView2 should handle IME composition gracefully when input loses focus, similar to how native Windows applications handle this scenario. Additional Context: This is a known issue pattern in Chromium (see Issue 246436). The same crash affects CJK (Chinese, Japanese, Korean) input methods that use composition.

[github-actions]

Hi, @workaholic!

It seems that your issue contains the word "crash". If you have not already, could you attach a crash dump as a comment?

WV2 crash dumps are located in a subfolder of the app's user data folder (UDF): <UDF>\EBWebView\Crashpad\reports\. By default, the user data folder is created in the app's folder with a name like <App Exe Name>.exe.WebView2. Refer to Crash Diagnostics for more information.

Thank you for your cooperation!

[workaholic]

Thanks for the guidance. Unfortunately, I couldn't find any crash dump files in the Crashpad reports folder - it appears the dumps are not being generated for this particular crash. Instead, I've prepared a minimal reproduction project that reliably triggers the crash.

Project Structure:
maui-app/MauiCrashTestNet10: .NET 9 MAUI HybridWebView app
maui-app/BlazorHybridNet10: .NET 10 MAUI Blazor Hybrid app (also affected)
react-app: React + Vite frontend (pre-built and embedded in MAUI app)

Steps to Reproduce:

1. Open crash-poc.sln in Visual Studio 2022
2. Build and run MauiCrashTestNet10 project (Windows target)
3. In the app, click on the textarea
4. Type Korean characters (e.g., start typing "ㅎ" then "ㅏ" to form "하")
   While IME composition is still active (before pressing Space/Enter), click the button outside the textarea
   WebView2 crashes immediately

crash-poc.zip

Environment:
Visual Studio 2022/2026 Insider
.NET 9.0 SDK, .NET 10.0 SDK
Windows 10/11
The crash is 100% reproducible with any CJK IME (Korean, Japanese, Chinese) that uses composition.