diff --git a/shell/common/gin_converters/net_converter.cc b/shell/common/gin_converters/net_converter.cc
index 476223a228..f8d805f993 100644
--- a/shell/common/gin_converters/net_converter.cc
+++ b/shell/common/gin_converters/net_converter.cc
@@ -253,8 +253,10 @@ bool Converter::FromV8(v8::Isolate* isolate,
 if (!ConvertFromV8(isolate, val, &dict))
 return false;
 for (const auto it : dict) {
- if (it.second.is_string())
+ if (it.second.is_string() && net::HttpUtil::IsValidHeaderName(it.first) &&
+ net::HttpUtil::IsValidHeaderValue(it.second.GetString())) {
 out->SetHeader(it.first, std::move(it.second).TakeString());
+ }
 }
 return true;
 }
diff --git a/spec/api-web-request-spec.ts b/spec/api-web-request-spec.ts
index 13146d581c..96052b44e0 100644
--- a/spec/api-web-request-spec.ts
+++ b/spec/api-web-request-spec.ts
@@ -411,6 +411,27 @@ describe('webRequest module', () => {
 expect(called).to.be.true();
 });
 
+ it('does not crash on invalid header name or value', async () => {
+ ses.webRequest.onBeforeSendHeaders((details, callback) => {
+ const requestHeaders = details.requestHeaders;
+ requestHeaders['Invalid Header'] = 'valid-value';
+ requestHeaders['Valid-Header'] = 'invalid\r\nvalue';
+ requestHeaders['X-Good'] = 'good-value';
+ callback({ requestHeaders });
+ });
+ const sentHeaders = new Promise((resolve) => {
+ ses.webRequest.onSendHeaders(resolve);
+ });
+
+ const { data } = await ajax(defaultURL);
+ const details = await sentHeaders;
+
+ expect(details.requestHeaders['Invalid Header']).to.be.undefined();
+ expect(details.requestHeaders['Valid-Header']).to.be.undefined();
+ expect(details.requestHeaders['X-Good']).to.equal('good-value');
+ expect(data).to.equal('/');
+ });
+
 it('resets the whole headers', async () => {
 const requestHeaders = {
 Test: 'header'
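Review bot: In net_converter.cc the new guard drops an entry with an invalid name or value without any signal, and FromV8 still returns true, so an app whose callback supplies a value containing CR/LF sees the request go out with that header missing and nothing to explain why. Consider an else branch for string entries that logs the rejection without echoing the value, which may hold credentials: `LOG(WARNING) << "webRequest: dropped a request header with an invalid name or value";` (assuming the logging header is already available in this file). A one-line comment above the condition would also record the intent, e.g. `// Skip entries net::HttpRequestHeaders would reject (e.g. CR/LF in the value).` The body of FromV8 starts outside the hunk.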
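Review bot: In spec/api-web-request-spec.ts the title 'does not crash on invalid header name or value' undersells what the assertions pin, namely that invalid entries are dropped while the valid `X-Good` header is still sent. A title such as `it('drops request headers with an invalid name or value', ...)` would document that contract for the next reader. The cases cover only a space in the name and CRLF in the value; an empty name and a value with a lone `\n` would be cheap extra cases, provided the validators reject them, which is not visible from this hunk.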