[joev_]

I don't know the exact location, but it is probably somewhere in the webview tree, since it affects apps that embed webviews as well:

https://android.googlesource.com/platform/frameworks/base/+/...

[smtddr]

Since it's both webview and browser itself, I'd suspect some kind of common denominator object at fault... like...https://android.googlesource.com/platform/frameworks/base/+/...

Especially with a method called "public static class IllegalCharacterValueSanitizer".