diff --git a/common.gypi b/common.gypi
index 6fe46076ff8def..2abd12b6230251 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.17',
+    'v8_embedder_string': '-node.18',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/snapshot/deserializer.h b/deps/v8/src/snapshot/deserializer.h
index 62814a881ae9e3..c09c589633c601 100644
--- a/deps/v8/src/snapshot/deserializer.h
+++ b/deps/v8/src/snapshot/deserializer.h
@@ -107,6 +107,7 @@ class V8_EXPORT_PRIVATE Deserializer : public SerializerDeserializer {
   }
 
   std::shared_ptr<BackingStore> backing_store(size_t i) {
+    DCHECK_LT(i, backing_stores_.size());
     return backing_stores_[i];
   }
 
diff --git a/deps/v8/src/snapshot/serializer-common.cc b/deps/v8/src/snapshot/serializer-common.cc
index 9218d4eaa92969..46b8e36e9c64a9 100644
--- a/deps/v8/src/snapshot/serializer-common.cc
+++ b/deps/v8/src/snapshot/serializer-common.cc
@@ -125,7 +125,14 @@ void SerializerDeserializer::Iterate(Isolate* isolate, RootVisitor* visitor) {
 }
 
 bool SerializerDeserializer::CanBeDeferred(HeapObject o) {
-  return !o.IsString() && !o.IsScript() && !o.IsJSTypedArray();
+  // ArrayBuffer instances are serialized by first re-assigning a index
+  // to the backing store field, then serializing the object, and then
+  // storing the actual backing store address again (and the same for the
+  // ArrayBufferExtension). If serialization of the object itself is deferred,
+  // the real backing store address is written into the snapshot, which cannot
+  // be processed when deserializing.
+  return !o.IsString() && !o.IsScript() && !o.IsJSTypedArray() &&
+         !o.IsJSArrayBuffer();
 }
 
 void SerializerDeserializer::RestoreExternalReferenceRedirectors(