diff --git a/src/objects/lookup.cc b/src/objects/lookup.cc
index 5389f6e565..723e483df3 100644
--- a/src/objects/lookup.cc
+++ b/src/objects/lookup.cc
@@ -488,11 +488,15 @@ void LookupIterator::ReconfigureDataProperty(Handle<Object> value,
 
   if (!IsElement(*holder) && !holder_obj->HasFastProperties(isolate_)) {
     if (holder_obj->map(isolate_).is_prototype_map() &&
-        (property_details_.attributes() & READ_ONLY) == 0 &&
-        (attributes & READ_ONLY) != 0) {
+        (((property_details_.attributes() & READ_ONLY) == 0 &&
+          (attributes & READ_ONLY) != 0) ||
+         (property_details_.attributes() & DONT_ENUM) !=
+             (attributes & DONT_ENUM))) {
       // Invalidate prototype validity cell when a property is reconfigured
       // from writable to read-only as this may invalidate transitioning store
       // IC handlers.
+      // Invalidate prototype validity cell when a property changes
+      // enumerability to clear the prototype chain enum cache.
       JSObject::InvalidatePrototypeChains(holder->map(isolate_));
     }
     if (holder_obj->IsJSGlobalObject(isolate_)) {
diff --git a/test/mjsunit/regress/regress-crbug-1163499.js b/test/mjsunit/regress/regress-crbug-1163499.js
new file mode 100644
index 0000000000..7457ef077c
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-1163499.js
@@ -0,0 +1,15 @@
+// Copyright 2021 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+const o1 = {k:1};
+const o2 = Object.create(o1);
+for (let i = 0; i < 1100; i++) {
+  Object.defineProperty(o1, "k" + i, {value: 0, enumerable: false});
+}
+Object.defineProperty(o1, "enum", {value: 1, enumerable: false, configurable: true});
+for (let k in o2) {}
+Object.defineProperty(o1, "enum", {value: 1, enumerable: true, configurable: true});
+let last;
+for (let k in o2) { last = k }
+assertEquals("enum", last);