diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index df2a8ca5ce78..9fc3b3896afe 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -137,6 +137,11 @@ in stdenv.mkDerivation rec { '' + optionalString (versionOlder sourceInfo.version "29.0.0.0") '' sed -i -e '/struct SECItemArray/,/^};/d' \ net/third_party/nss/ssl/bodge/secitem_array.c + '' + optionalString (!versionOlder sourceInfo.version "30.0.0.0") '' + sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \ + sandbox_binary = \ + base::FilePath("'"${libExecPath}/${packageName}_sandbox"'"); + ' content/browser/browser_main_loop.cc ''; gypFlags = mkGypFlags (gypFlagsUseSystemLibs // { diff --git a/pkgs/applications/networking/browsers/chromium/sandbox_userns_30.patch b/pkgs/applications/networking/browsers/chromium/sandbox_userns_30.patch index ef1a08ee313a..9a412352c521 100644 --- a/pkgs/applications/networking/browsers/chromium/sandbox_userns_30.patch +++ b/pkgs/applications/networking/browsers/chromium/sandbox_userns_30.patch @@ -1,4 +1,4 @@ -commit b9a1fa30eb3296b169f51ffa8ee05513c5c1dbae +commit 41510de6ae32e6161073992bd1243f7f33148a06 Author: aszlig Date: Thu May 16 14:17:56 2013 +0200 @@ -43,10 +43,10 @@ index 45b1053..ce71418 100644 #if defined(OS_CHROMEOS) diff --git a/base/process/launch_posix.cc b/base/process/launch_posix.cc -index 336633c..4b50a5d 100644 +index 52e149c..312f835 100644 --- a/base/process/launch_posix.cc +++ b/base/process/launch_posix.cc -@@ -36,6 +36,13 @@ +@@ -37,6 +37,13 @@ #include "base/threading/platform_thread.h" #include "base/threading/thread_restrictions.h" 
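Review bot: The `sed` added in the `!versionOlder sourceInfo.version "30.0.0.0"` branch exits successfully even when `/base::FilePath exe_dir/` matches nothing, so a later upstream change to content/browser/browser_main_loop.cc would silently leave the stock sandbox-binary lookup in place. With the helper installed under `${libExecPath}`, that lookup would presumably not find it, and the result could be a browser built without a usable sandbox path and no build error to show it. A guard right after the `sed` makes the failure loud: `grep -qF "${libExecPath}/${packageName}_sandbox" content/browser/browser_main_loop.cc || exit 1`. A short comment saying that the range end `/^ *} *$/` is meant to stop at the closing brace of the exe_dir lookup would also help the next version bump. The shell snippet is part of a longer string concatenation that begins above this hunk.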
@@ -60,12 +60,11 @@ index 336633c..4b50a5d 100644 #if defined(OS_CHROMEOS) #include #endif -@@ -395,8 +402,19 @@ bool LaunchProcess(const std::vector& argv, +@@ -416,13 +423,23 @@ bool LaunchProcess(const std::vector& argv, pid_t pid; #if defined(OS_LINUX) - if (options.clone_flags) { -- pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0); + int map_pipe_fd[2]; + int flags = options.clone_flags; + @@ -78,11 +77,18 @@ index 336633c..4b50a5d 100644 + } + + if (options.clone_flags || options.new_user_namespace) { + // Signal handling in this function assumes the creation of a new + // process, so we check that a thread is not being created by mistake + // and that signal handling follows the process-creation rules. +- RAW_CHECK( +- !(options.clone_flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM))); +- pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0); ++ RAW_CHECK(!(flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM))); + pid = syscall(__NR_clone, flags, 0, 0, 0); } else #endif { -@@ -409,6 +427,21 @@ bool LaunchProcess(const std::vector& argv, +@@ -440,6 +457,21 @@ bool LaunchProcess(const std::vector& argv, } else if (pid == 0) { // Child process @@ -104,7 +110,7 @@ index 336633c..4b50a5d 100644 // DANGER: fork() rule: in the child, if you don't end up doing exec*(), // you call _exit() instead of exit(). This is because _exit() does not // call any previously-registered (in the parent) exit handlers, which -@@ -523,6 +556,40 @@ bool LaunchProcess(const std::vector& argv, +@@ -555,6 +587,40 @@ bool LaunchProcess(const std::vector& argv, _exit(127); } else { // Parent process @@ -209,10 +215,10 @@ index bb84e62..bce0d18 100644 if (using_suid_sandbox_) { diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc -index dcea4c0..c06b4ae 100644 +index 1f0e9f5..ade5aab 100644 --- a/content/zygote/zygote_main_linux.cc 
+++ b/content/zygote/zygote_main_linux.cc -@@ -398,6 +398,13 @@ static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox, +@@ -420,6 +420,13 @@ static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox, *has_started_new_init = true; } diff --git a/pkgs/applications/networking/browsers/chromium/sources.nix b/pkgs/applications/networking/browsers/chromium/sources.nix index a4769d172cd7..bfdcef1373d9 100644 --- a/pkgs/applications/networking/browsers/chromium/sources.nix +++ b/pkgs/applications/networking/browsers/chromium/sources.nix @@ -1,18 +1,18 @@ # This file is autogenerated from update.sh in the same directory. { dev = { - version = "30.0.1588.0"; - url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-30.0.1588.0.tar.xz"; - sha256 = "1jwc2pkd75gax8vj8wzahhpzl6ilgrlj3bcbah975yy67m7c8p13"; + version = "30.0.1599.10"; + url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-30.0.1599.10.tar.xz"; + sha256 = "1h6wak2sy0cawsk63gdbg7ggq8lg7cahs1v8i0hvzwm9k6apwphs"; }; beta = { - version = "29.0.1547.49"; - url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-29.0.1547.49.tar.xz"; - sha256 = "03r64rydi2kbxgi2dcpslmpb716ppadqy1jzrbw39icz5xpgmg3k"; + version = "29.0.1547.57"; + url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-29.0.1547.57.tar.xz"; + sha256 = "0xl595fng7qzlc8vh73lslzchr6ayd4vlmz2mpqppb8pai520xxf"; }; stable = { - version = "28.0.1500.95"; - url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-28.0.1500.95.tar.xz"; - sha256 = "0d6pj57nyx7wfgxws98f6ly749flcyv7zg5sc3w16ggdxf5qhf1w"; + version = "29.0.1547.57"; + url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-29.0.1547.57.tar.xz"; + sha256 = "0xl595fng7qzlc8vh73lslzchr6ayd4vlmz2mpqppb8pai520xxf"; }; }