diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
index 28da7529472260..39e5a9bcc984b6 100644
--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -11,7 +11,7 @@
 #define V8_MAJOR_VERSION 8
 #define V8_MINOR_VERSION 1
 #define V8_BUILD_NUMBER 307
-#define V8_PATCH_LEVEL 28
+#define V8_PATCH_LEVEL 30
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8/src/regexp/regexp-interpreter.cc b/deps/v8/src/regexp/regexp-interpreter.cc
index a78d73f86359b9..a74df90c1d9f33 100644
--- a/deps/v8/src/regexp/regexp-interpreter.cc
+++ b/deps/v8/src/regexp/regexp-interpreter.cc
@@ -1051,8 +1051,29 @@ IrregexpInterpreter::Result IrregexpInterpreter::MatchForCallFromJs(
     return IrregexpInterpreter::RETRY;
   }
 
-  return Match(isolate, regexp_obj, subject_string, registers, registers_length,
-               start_position, call_origin);
+  // In generated code, registers are allocated on the stack. The given
+  // `registers` argument is only guaranteed to hold enough space for permanent
+  // registers (i.e. for captures), and not for temporary registers used only
+  // during matcher execution. We match that behavior in the interpreter by
+  // using a SmallVector as internal register storage.
+  static constexpr int kBaseRegisterArraySize = 64;  // Arbitrary.
+  const int internal_register_count =
+      Smi::ToInt(regexp_obj.DataAt(JSRegExp::kIrregexpMaxRegisterCountIndex));
+  base::SmallVector<int, kBaseRegisterArraySize> internal_registers(
+      internal_register_count);
+
+  Result result =
+      Match(isolate, regexp_obj, subject_string, internal_registers.data(),
+            internal_register_count, start_position, call_origin);
+
+  // Copy capture registers to the output array.
+  if (result == IrregexpInterpreter::SUCCESS) {
+    CHECK_GE(internal_registers.size(), registers_length);
+    MemCopy(registers, internal_registers.data(),
+            registers_length * sizeof(registers[0]));
+  }
+
+  return result;
 }
 
 IrregexpInterpreter::Result IrregexpInterpreter::MatchForCallFromRuntime(
diff --git a/deps/v8/src/wasm/wasm-engine.cc b/deps/v8/src/wasm/wasm-engine.cc
index 28b0aa0ca5c838..c1fceb83113cb8 100644
--- a/deps/v8/src/wasm/wasm-engine.cc
+++ b/deps/v8/src/wasm/wasm-engine.cc
@@ -129,6 +129,9 @@ class WasmGCForegroundTask : public CancelableTask {
 std::shared_ptr<NativeModule> NativeModuleCache::MaybeGetNativeModule(
     ModuleOrigin origin, Vector<const uint8_t> wire_bytes) {
   if (origin != kWasmOrigin) return nullptr;
+  // Temporarily disabled to fix stability issue on M-81
+  // (https://crbug.com/1070199).
+  if (!FLAG_future) return nullptr;
   base::MutexGuard lock(&mutex_);
   while (true) {
     auto it = map_.find(wire_bytes);
@@ -153,6 +156,9 @@ void NativeModuleCache::Update(std::shared_ptr<NativeModule> native_module,
                                bool error) {
   DCHECK_NOT_NULL(native_module);
   if (native_module->module()->origin != kWasmOrigin) return;
+  // Temporarily disabled to fix stability issue on M-81
+  // (https://crbug.com/1070199).
+  if (!FLAG_future) return;
   Vector<const uint8_t> wire_bytes = native_module->wire_bytes();
   base::MutexGuard lock(&mutex_);
   auto it = map_.find(wire_bytes);
diff --git a/deps/v8/test/cctest/cctest.status b/deps/v8/test/cctest/cctest.status
index c4f41001d31edc..06583f6bd5ea20 100644
--- a/deps/v8/test/cctest/cctest.status
+++ b/deps/v8/test/cctest/cctest.status
@@ -600,4 +600,11 @@
   'test-cpu-profiler/DeoptUntrackedFunction': [SKIP],
 }],  # variant == turboprop
 
+##############################################################################
+['variant != future', {
+  # Wasm native module cache is temporarily disabled in non-future variant
+  # (https://crbug.com/1070199)
+  'test-compilation-cache/*': [SKIP]
+}],  # variant != future
+
 ]
diff --git a/deps/v8/test/inspector/inspector.status b/deps/v8/test/inspector/inspector.status
index 8fe52411aad80b..0b6d8abda21a78 100644
--- a/deps/v8/test/inspector/inspector.status
+++ b/deps/v8/test/inspector/inspector.status
@@ -84,5 +84,11 @@
 }],  # 'arch == s390 or arch == s390x'
 
 ##############################################################################
+['variant != future', {
+  # Wasm native module cache is temporarily disabled in non-future variant
+  # (https://crbug.com/1070199)
+  'debugger/wasm-scripts': [SKIP],
+}],  # variant != future
+
 
 ]
diff --git a/deps/v8/test/mjsunit/regress/regress-1067270.js b/deps/v8/test/mjsunit/regress/regress-1067270.js
new file mode 100644
index 00000000000000..1c6eddf505aa55
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-1067270.js
@@ -0,0 +1,11 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+const needle = Array(1802).join(" +") + Array(16884).join("A");
+const string = "A";
+
+assertEquals(string.search(needle), -1);
+assertEquals(string.search(needle), -1);