diff --git a/build/npm-run.py b/build/npm-run.py
index 77b9f128e5499..bd0c9097bf113 100644
--- a/build/npm-run.py
+++ b/build/npm-run.py
@@ -16,5 +16,5 @@
     subprocess.check_output(args, stderr=subprocess.STDOUT)
 except subprocess.CalledProcessError as e:
     error_msg = "NPM script '{}' failed with code '{}':\n".format(sys.argv[2], e.returncode)
-    print(error_msg + e.output.decode('ascii'))
+    print(error_msg + e.output.decode('utf8'))
     sys.exit(e.returncode)
diff --git a/shell/browser/login_handler.cc b/shell/browser/login_handler.cc
index e0ac4458ff1e3..c7069488779b2 100644
--- a/shell/browser/login_handler.cc
+++ b/shell/browser/login_handler.cc
@@ -69,11 +69,15 @@ void LoginHandler::EmitEvent(
   details.Set("firstAuthAttempt", first_auth_attempt);
   details.Set("responseHeaders", response_headers.get());
 
+  auto weak_this = weak_factory_.GetWeakPtr();
   bool default_prevented =
       api_web_contents->Emit("login", std::move(details), auth_info,
                              base::BindOnce(&LoginHandler::CallbackFromJS,
                                             weak_factory_.GetWeakPtr()));
-  if (!default_prevented && auth_required_callback_) {
+  // ⚠️ NB, if CallbackFromJS is called during Emit(), |this| will have been
+  // deleted. Check the weak ptr before accessing any member variables to
+  // prevent UAF.
+  if (weak_this && !default_prevented && auth_required_callback_) {
     std::move(auth_required_callback_).Run(base::nullopt);
   }
 }