Since it's both webview and browser itself, I'd suspect some kind of common denominator object at fault... like...https://android.googlesource.com/platform/frameworks/base/+/...

Especially with a method called "public static class IllegalCharacterValueSanitizer".