diff --git a/src/ic/ic.cc b/src/ic/ic.cc
index 819f08309c..f577954896 100644
--- a/src/ic/ic.cc
+++ b/src/ic/ic.cc
@@ -2284,6 +2284,13 @@ Handle KeyedStoreIC::StoreElementHandler(
 IsStoreInArrayLiteralIC());
 if (receiver_map->IsJSProxyMap()) {
+ // DefineKeyedOwnIC, which is used to define computed fields in instances,
+ // should be handled by the slow stub.
+ if (IsDefineKeyedOwnIC()) {
+ TRACE_HANDLER_STATS(isolate(), KeyedStoreIC_SlowStub);
+ return StoreHandler::StoreSlow(isolate(), store_mode);
+ }
+
 return StoreHandler::StoreProxy(isolate());
 }
diff --git a/test/mjsunit/regress/regress-chromium-1409294.js b/test/mjsunit/regress/regress-chromium-1409294.js
new file mode 100644
index 0000000000..920b79a163
--- /dev/null
+++ b/test/mjsunit/regress/regress-chromium-1409294.js
@@ -0,0 +1,23 @@
+// Copyright 2023 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --always-turbofan
+
+let key = 5;
+
+class Base {
+ constructor() {
+ return new Proxy(this, {
+ defineProperty(target, key, desc) {
+ return Reflect.defineProperty(target, key, desc);
+ }
+ });
+ }
+}
+
+class Child extends Base {
+ [key] = "basic";
+}
+let c = new Child();
+c = new Child();
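Review bot: The comment added in the `receiver_map->IsJSProxyMap()` branch of `src/ic/ic.cc` says what happens but not why, and the reason is the part a later maintainer needs in order not to undo the guard. Presumably the proxy store handler dispatches with [[Set]] semantics, while a computed class field has to go through [[DefineOwnProperty]] (the proxy's `defineProperty` trap), so the cached handler would apply the wrong operation for this IC kind; if that is the case I would spell it out, e.g. `// StoreProxy performs a [[Set]]; DefineKeyedOwnIC needs [[DefineOwnProperty]] on the proxy, so take the slow stub.` It is also worth confirming whether any other define-style IC kind can reach this branch with a proxy receiver. `StoreElementHandler` starts and ends outside the hunk, so that cannot be checked from here.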
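Review bot: The new regression test `test/mjsunit/regress/regress-chromium-1409294.js` contains no assertions, so it only catches a crash and would still pass if the field were stored through the wrong proxy operation. Since the constructor returns the proxy and the trap forwards to `Reflect.defineProperty`, the result can be checked after each construction with `assertEquals("basic", c[key]);`, and a counter incremented inside `defineProperty` would confirm the trap also runs on the second `new Child()`. A one-line comment saying that the second construction is there to exercise the already-installed handler would help readers who wonder why `c` is assigned twice.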