Integrity of cached data / temporary internet files

[RobMeyer]

1. Does WebView2, Edge, and/or Chromium provide any guarantees that cached resources (e.g. index.html) haven't been locally modified, such as by [e.g. win32] malware executing locally?
2. If there isn't an integrity check in place, could you suggest security best practices? For example, but not limited to, configuring WebView2's UDF (User Data Folder) to a directory with read/write permissions configured such that only WebView2 has access (preventing hypothetical user-level malware from making modifications) or another approach?

To add some background, in the context of WebView2 with one or more native-web interop (postMessage, AddHostObjectToScript, etc.) methods being implemented, there could be sensitive native application data being shared with the WebView2 web content's script. This isn't problematic as long as the web content is trustworthy. However, after the WebView2 navigates to a trustworthy site and assets such as index.html are cached locally, malware could modify the contents to include a script that interops with the exposed APIs, or otherwise gains access to sensitive information (reading the DOM, listening to events, etc.). This concern would be mitigated, I believe, if there were a guarantee that the local cached data had a matching checksum to that of the original resource that was fetched over the network. However, I haven't been able to find any information about this, either in Chromium, Edge, nor WebView2 documentation.

[LiangTheDev]

There is no security boundary between Webview2 or Edge browser and other process running as user. Once a malware app is installed, it is kind of game over. It could read files on disk, inject code into running app processes. Integrity to the files on disk would not really help.

For the specific concern stated here, applying Content Security Policy on the trusted site could mitigate some of the attacks.