diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 59b05e94911..1ea854c5e9d 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -5,6 +5,7 @@
 , libevent, expat, libjpeg
 , libpng, libxml2, libxslt
 , xdg_utils, yasm, zlib
+, libusb1, libexif
 
 , python, perl, pkgconfig
 , nspr, udev, krb5
@@ -55,21 +56,23 @@ let
     use_system_flac = true;
     use_system_libevent = true;
     use_system_libexpat = true;
+    use_system_libexif = true;
     use_system_libjpeg = true;
     use_system_libpng = true;
+    use_system_libusb = true;
     use_system_libxml = true;
     use_system_speex = true;
     use_system_ssl = cfg.openssl;
     use_system_stlport = true;
     use_system_xdg_utils = true;
     use_system_yasm = true;
-    use_system_zlib = true;
+    use_system_zlib = false; # http://crbug.com/143623
 
     use_system_harfbuzz = false;
     use_system_icu = false;
-    use_system_libwebp = false; # See chromium issue #133161
+    use_system_libwebp = false; # http://crbug.com/133161
     use_system_skia = false;
-    use_system_sqlite = false; # See chromium issue #22208
+    use_system_sqlite = false; # http://crbug.com/22208
     use_system_v8 = false;
   };
 
@@ -78,23 +81,20 @@ let
     libevent expat libjpeg
     libpng libxml2 libxslt
     xdg_utils yasm zlib
+    libusb1 libexif
   ];
 
-  seccompPatch = let
-    pre22 = versionOlder sourceInfo.version "22.0.0.0";
-  in if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch;
+  maybeSeccompPatch = let
+    pre23 = versionOlder sourceInfo.version "23.0.0.0";
+  in optional pre23 ./enable_seccomp.patch;
 
-  # XXX: this reverts r151720 to prevent http://crbug.com/143623
-  maybeRevertZlibChanges = let
-    below22_91 = versionOlder sourceInfo.version "22.0.1229.91";
+  maybeBpfTemporaryFix = let
     patch = fetchurl {
-      name = "revert-r151720";
-      url = "http://git.chromium.org/gitweb/?p=chromium.git;a=commitdiff_plain;"
-          + "hp=4419ec6414b33b6b19bb2e380b4998ed5193ecab;"
-          + "h=0fabb4fda7059a8757422e8a44e70deeab28e698";
-      sha256 = "0n0d6mkg89g8q63cifapzpg9dxfs2n6xvk4k13szhymvf67b77pf";
+      url = "https://chromiumcodereview.appspot.com/download/issue11032056_1_2.diff";
+      sha256 = "eb13dc627940ad56939837ad1093b2c388f6cf79f1f25cdc1b2e25e987c73d1c";
     };
-  in optional (below22_91) patch;
+    needPatch = !versionOlder sourceInfo.version "23.0.1271.0";
+  in optional needPatch patch;
 
 in stdenv.mkDerivation rec {
   name = "${packageName}-${version}";
@@ -127,10 +127,10 @@ in stdenv.mkDerivation rec {
 
   prePatch = "patchShebangs .";
 
-  patches = optional (!cfg.selinux) seccompPatch
-         ++ optional cfg.cups ./cups_allow_deprecated.patch
+  patches = optional cfg.cups ./cups_allow_deprecated.patch
          ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch
-         ++ maybeRevertZlibChanges;
+         ++ maybeSeccompPatch
+         ++ maybeBpfTemporaryFix;
 
   postPatch = optionalString cfg.openssl ''
     cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch
index edeee37f19c..f947d796f18 100644
--- a/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch
+++ b/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch
@@ -1,12 +1,12 @@
-diff --git a/content/common/seccomp_sandbox.h b/content/common/seccomp_sandbox.h
-index a07d6f3..a622a35 100644
---- a/content/common/seccomp_sandbox.h
-+++ b/content/common/seccomp_sandbox.h
-@@ -29,15 +29,9 @@ static bool SeccompSandboxEnabled() {
-   // TODO(evan): turn on for release too once we've flushed out all the bugs,
-   // allowing us to delete this file entirely and just rely on the "disabled"
-   // switch.
--#ifdef NDEBUG
+diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
+index d4618e5..108f846 100644
+--- a/content/common/sandbox_linux.cc
++++ b/content/common/sandbox_linux.cc
+@@ -38,15 +38,9 @@ void LogSandboxStarted(const std::string& sandbox_name) {
+ // Implement the command line enabling logic for seccomp-legacy.
+ bool IsSeccompLegacyDesired() {
+ #if defined(SECCOMP_SANDBOX)
+-#if defined(NDEBUG)
 -  // Off by default; allow turning on with a switch.
 -  return CommandLine::ForCurrentProcess()->HasSwitch(
 -      switches::kEnableSeccompSandbox);
@@ -15,6 +15,6 @@ index a07d6f3..a622a35 100644
    return !CommandLine::ForCurrentProcess()->HasSwitch(
        switches::kDisableSeccompSandbox);
 -#endif  // NDEBUG
- }
  #endif  // SECCOMP_SANDBOX
- 
+   return false;
+ }
diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch
deleted file mode 100644
index f947d796f18..00000000000
--- a/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
-index d4618e5..108f846 100644
---- a/content/common/sandbox_linux.cc
-+++ b/content/common/sandbox_linux.cc
-@@ -38,15 +38,9 @@ void LogSandboxStarted(const std::string& sandbox_name) {
- // Implement the command line enabling logic for seccomp-legacy.
- bool IsSeccompLegacyDesired() {
- #if defined(SECCOMP_SANDBOX)
--#if defined(NDEBUG)
--  // Off by default; allow turning on with a switch.
--  return CommandLine::ForCurrentProcess()->HasSwitch(
--      switches::kEnableSeccompSandbox);
--#else
-   // On by default; allow turning off with a switch.
-   return !CommandLine::ForCurrentProcess()->HasSwitch(
-       switches::kDisableSeccompSandbox);
--#endif  // NDEBUG
- #endif  // SECCOMP_SANDBOX
-   return false;
- }
diff --git a/pkgs/applications/networking/browsers/chromium/sources.nix b/pkgs/applications/networking/browsers/chromium/sources.nix
index 9d2a7893102..8dd406e5ea4 100644
--- a/pkgs/applications/networking/browsers/chromium/sources.nix
+++ b/pkgs/applications/networking/browsers/chromium/sources.nix
@@ -1,14 +1,14 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   dev = {
-    version = "23.0.1271.10";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-23.0.1271.10.tar.bz2";
-    sha256 = "1jm9fhnq978lfn21xripf7l2n362axinggnxlz7rcc9as1y086y3";
+    version = "24.0.1284.2";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-24.0.1284.2.tar.bz2";
+    sha256 = "0lp3r4n3d71wy2ndzcfwvrp9vc1ii98pxip1c8hfinz994ca1ykx";
   };
   beta = {
-    version = "22.0.1229.91";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-22.0.1229.91.tar.bz2";
-    sha256 = "1b47rb5hw0k2fwc4jvmjpmxbhmqxgkz66j3mrjy4f8im41hmndyw";
+    version = "23.0.1271.17";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-23.0.1271.17.tar.bz2";
+    sha256 = "1nyc2s378sx7ymmginipiphygg7s59iwg2kirlbgz60fl8wygzv2";
   };
   stable = {
     version = "22.0.1229.79";