diff --git a/third_party/blink/renderer/core/brave_page_graph/page_graph.cc b/third_party/blink/renderer/core/brave_page_graph/page_graph.cc
index 4c3b46f896bf..e859700e7b09 100644
--- a/third_party/blink/renderer/core/brave_page_graph/page_graph.cc
+++ b/third_party/blink/renderer/core/brave_page_graph/page_graph.cc
@@ -1181,7 +1181,11 @@ String PageGraph::ToGraphML() const {
   xmlChar* xml_string;
   int size;
   xmlDocDumpMemoryEnc(graphml_doc, &xml_string, &size, "UTF-8");
-  auto graphml_string = String::FromUTF8(xml_string, size);
+  // SAFETY: unfortunately xmlDocDumpMemoryEnc is a C api that
+  // manages the buffer internally, so we have to rely on it for the
+  // pointer/size pair.
+  auto graphml_string = String::FromUTF8(base::as_bytes(UNSAFE_BUFFERS(
+      base::span(xml_string, base::checked_cast<size_t>(size)))));
   DCHECK(!graphml_string.empty());
 
   xmlFree(xml_string);