diff --git a/extra/chromium/PKGBUILD b/extra/chromium/PKGBUILD
index 21ff67d4b..d97c8c7f1 100644
--- a/extra/chromium/PKGBUILD
+++ b/extra/chromium/PKGBUILD
@@ -16,7 +16,7 @@ highmem=1
 pkgname=chromium
 pkgver=89.0.4389.82
-pkgrel=1
+pkgrel=2
 _launcher_ver=7
 _gcc_patchset=7
 pkgdesc="A web browser built for speed, simplicity, and security"
@@ -36,6 +36,7 @@ source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgn
 https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver/chromium-launcher-$_launcher_ver.tar.gz
 https://github.com/stha09/chromium-patches/releases/download/chromium-${pkgver%%.*}-patchset-$_gcc_patchset/chromium-${pkgver%%.*}-patchset-$_gcc_patchset.tar.xz
 add-dependency-on-opus-in-webcodecs.patch
+ x11-ozone-fix-two-edge-cases.patch
 chromium-glibc-2.33.patch
 use-oauth2-client-switches-as-default.patch
 0001-crashpad-include-limits.patch
@@ -46,6 +47,7 @@ sha256sums=('df4914407b68afdc6449cb8e3f1b08d110eb8689ac41f86490e337fa4d1be379'
 '86859c11cfc8ba106a3826479c0bc759324a62150b271dd35d1a0f96e890f52f'
 'f8b1558f6c87b33423da854d42f0f69d47885a96d6bf6ce7f26373e93d47442f'
 'b86b11de8db438c47f0a84c7956740f648d21035f4ee46bfbd50c3348d369121'
+ '9e4743bdeaf5b668659ad53400e3977006916aac3a7ba045bbc750b7b4cbf274'
 '2fccecdcd4509d4c36af873988ca9dbcba7fdb95122894a9fdf502c33a1d7a4b'
 'e393174d7695d0bafed69e868c5fbfecf07aa6969f3b64596d0bae8b067e1711'
 '112671743908fa9e69e30eb4ddc9539f76f2cc28a3b038df6b610e5b210a77d1'
@@ -123,6 +125,7 @@ prepare() {
 # Upstream fixes
 patch -Np1 -i ../add-dependency-on-opus-in-webcodecs.patch
+ patch -Np1 -i ../x11-ozone-fix-two-edge-cases.patch
 # Fixes for building with libstdc++ instead of libc++
 patch -Np1 -i ../patches/chromium-89-quiche-dcheck.patch
diff --git a/extra/chromium/x11-ozone-fix-two-edge-cases.patch b/extra/chromium/x11-ozone-fix-two-edge-cases.patch
new file mode 100644
index 000000000..9c4c4755a
--- /dev/null
+++ b/extra/chromium/x11-ozone-fix-two-edge-cases.patch
@@ -0,0 +1,135 @@
+From 5e3a738b1204941aab9f15c0eb3d06e20fefd96e Mon Sep 17 00:00:00 2001
+From: Scott Violet
+Date: Mon, 8 Mar 2021 21:07:39 +0000
+Subject: [PATCH] x11/ozone: fix two edge cases
+
+WindowTreeHost::OnHostMovedInPixels() may trigger a nested message
+loop (tab dragging), which when the stack unravels means this may
+be deleted. This adds an early out if this happens.
+
+X11WholeScreenMoveLoop has a similar issue, in so far as notifying
+the delegate may delete this.
+
+BUG=1185482
+TEST=WindowTreeHostPlatform.DeleteHostFromOnHostMovedInPixels
+
+Change-Id: Ieca1c90b3e4358da50b332abe2941fdbb50c5c25
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2743555
+Reviewed-by: Thomas Anderson
+Commit-Queue: Scott Violet
+Cr-Commit-Position: refs/heads/master@{#860852}
+---
+ ui/aura/window_tree_host_platform.cc | 10 ++++-
+ ui/aura/window_tree_host_platform_unittest.cc | 40 ++++++++++++++++++-
+ ui/base/x/x11_whole_screen_move_loop.cc | 4 ++
+ 3 files changed, 51 insertions(+), 3 deletions(-)
+
+diff --git a/ui/aura/window_tree_host_platform.cc b/ui/aura/window_tree_host_platform.cc
+index ce8395fe07..7589542026 100644
+--- a/ui/aura/window_tree_host_platform.cc
++++ b/ui/aura/window_tree_host_platform.cc
+@@ -214,13 +214,21 @@ void WindowTreeHostPlatform::OnBoundsChanged(const gfx::Rect& new_bounds) {
+ float current_scale = compositor()->device_scale_factor();
+ float new_scale = ui::GetScaleFactorForNativeView(window());
+ gfx::Rect old_bounds = bounds_in_pixels_;
++ auto weak_ref = GetWeakPtr();
+ bounds_in_pixels_ = new_bounds;
+- if (bounds_in_pixels_.origin() != old_bounds.origin())
++ if (bounds_in_pixels_.origin() != old_bounds.origin()) {
+ OnHostMovedInPixels(bounds_in_pixels_.origin());
++ // Changing the bounds may destroy this.
++ if (!weak_ref)
++ return;
++ }
+ if (bounds_in_pixels_.size() != old_bounds.size() ||
+ current_scale != new_scale) {
+ pending_size_ = gfx::Size();
+ OnHostResizedInPixels(bounds_in_pixels_.size());
++ // Changing the size may destroy this.
++ if (!weak_ref)
++ return;
+ }
+ DCHECK_GT(on_bounds_changed_recursion_depth_, 0);
+ if (--on_bounds_changed_recursion_depth_ == 0) {
+diff --git a/ui/aura/window_tree_host_platform_unittest.cc b/ui/aura/window_tree_host_platform_unittest.cc
+index eda14e2f0c..4de039c88a 100644
+--- a/ui/aura/window_tree_host_platform_unittest.cc
++++ b/ui/aura/window_tree_host_platform_unittest.cc
+@@ -34,7 +34,7 @@ class TestWindowTreeHost : public WindowTreeHostPlatform {
+ // OnHostWill/DidProcessBoundsChange. Additionally, this triggers a bounds
+ // change from within OnHostResized(). Such a scenario happens in production
+ // code.
+-class TestWindowTreeHostObserver : public aura::WindowTreeHostObserver {
++class TestWindowTreeHostObserver : public WindowTreeHostObserver {
+ public:
+ TestWindowTreeHostObserver(WindowTreeHostPlatform* host,
+ ui::PlatformWindow* platform_window)
+@@ -51,7 +51,7 @@ class TestWindowTreeHostObserver : public aura::WindowTreeHostObserver {
+ return on_host_will_process_bounds_change_count_;
+ }
+
+- // aura::WindowTreeHostObserver:
++ // WindowTreeHostObserver:
+ void OnHostResized(WindowTreeHost* host) override {
+ if (!should_change_bounds_in_on_resized_)
+ return;
+@@ -92,5 +92,41 @@ TEST_F(WindowTreeHostPlatformTest, HostWillProcessBoundsChangeRecursion) {
+ EXPECT_EQ(1, observer.on_host_will_process_bounds_change_count());
+ }
+
++// Deletes WindowTreeHostPlatform from OnHostMovedInPixels().
++class DeleteHostWindowTreeHostObserver : public WindowTreeHostObserver {
++ public:
++ explicit DeleteHostWindowTreeHostObserver(
++ std::unique_ptr host)
++ : host_(std::move(host)) {
++ host_->AddObserver(this);
++ }
++ ~DeleteHostWindowTreeHostObserver() override = default;
++
++ TestWindowTreeHost* host() { return host_.get(); }
++
++ // WindowTreeHostObserver:
++ void OnHostMovedInPixels(WindowTreeHost* host,
++ const gfx::Point& new_origin_in_pixels) override {
++ host_->RemoveObserver(this);
++ host_.reset();
++ }
++
++ private:
++ std::unique_ptr host_;
++
++ DISALLOW_COPY_AND_ASSIGN(DeleteHostWindowTreeHostObserver);
++};
++
++// Verifies WindowTreeHostPlatform can be safely deleted when calling
++// OnHostMovedInPixels().
++// Regression test for https://crbug.com/1185482
++TEST_F(WindowTreeHostPlatformTest, DeleteHostFromOnHostMovedInPixels) {
++ std::unique_ptr host =
++ std::make_unique();
++ DeleteHostWindowTreeHostObserver observer(std::move(host));
++ observer.host()->SetBoundsInPixels(gfx::Rect(1, 2, 3, 4));
++ EXPECT_EQ(nullptr, observer.host());
++}
++
+ } // namespace
+ } // namespace aura
+diff --git a/ui/base/x/x11_whole_screen_move_loop.cc b/ui/base/x/x11_whole_screen_move_loop.cc
+index 5ed215db66..db678799db 100644
+--- a/ui/base/x/x11_whole_screen_move_loop.cc
++++ b/ui/base/x/x11_whole_screen_move_loop.cc
+@@ -78,9 +78,13 @@ X11WholeScreenMoveLoop::~X11WholeScreenMoveLoop() {
+ void X11WholeScreenMoveLoop::DispatchMouseMovement() {
+ if (!last_motion_in_screen_)
+ return;
++ auto weak_ref = weak_factory_.GetWeakPtr();
+ delegate_->OnMouseMovement(last_motion_in_screen_->root_location(),
+ last_motion_in_screen_->flags(),
+ last_motion_in_screen_->time_stamp());
++ // The delegate may delete this during dispatch.
++ if (!weak_ref)
++ return;
+ last_motion_in_screen_.reset();
+ }
+
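Review bot: Only the first of the three new `if (!weak_ref) return;` guards is exercised by a test: `DeleteHostFromOnHostMovedInPixels` deletes the host from `OnHostMovedInPixels()`, but the guard after `OnHostResizedInPixels()` in `WindowTreeHostPlatform::OnBoundsChanged()` and the one in `X11WholeScreenMoveLoop::DispatchMouseMovement()` have no regression test in this patch. Each guard exists to stop member access on an object that has already been destroyed, so a sibling test whose observer resets the host from `OnHostResized()` would pin the second path as well. The early returns also skip the `--on_bounds_changed_recursion_depth_` step at the end of the hunk, which is harmless only because the object no longer exists; a comment such as `// |this| is gone; the recursion-depth bookkeeping below must not run.` would record that. `OnBoundsChanged()` starts and ends outside the hunk, so what its callers do with the host after it returns cannot be checked from here.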