diff --git a/common/shlibs b/common/shlibs
index dbeab4dadfe..91f9ef8d640 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -784,6 +784,7 @@ libgfortran.so.3 libgfortran-4.4.0_1
 libblktapctl.so.1 xen-4.1.2_1
 libmozjs185.so.1.0 js-1.8.5_1
 libwebp.so.4 libwebp-0.2.0_1
+libwebpdemux.so.0 libwebp-0.2.0_1
 libva-x11.so.1 libva-1.0.14_1
 libva.so.1 libva-1.0.14_1
 libva-glx.so.1 libva-1.0.14_1
diff --git a/srcpkgs/chromium/patches/chromium-28.0.1500.71-avoid-std-string-copying-in-GetFileNameInWhitelist.patch b/srcpkgs/chromium/patches/chromium-28.0.1500.71-avoid-std-string-copying-in-GetFileNameInWhitelist.patch
new file mode 100644
index 00000000000..7b6729aa397
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-28.0.1500.71-avoid-std-string-copying-in-GetFileNameInWhitelist.patch
@@ -0,0 +1,49 @@
+# Fix deadlock related to the GPU sandbox when tcmalloc isn't used
+# https://code.google.com/p/chromium/issues/detail?id=255063
+# https://bugs.gentoo.org/show_bug.cgi?id=471198#c23
+
+diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc
+index d2302ea098215c8188eb74b0d36da37506ff302a..7999e77fa34fcef4ad8575fa905d66f645df6986 100644
+--- sandbox/linux/services/broker_process.cc
++++ sandbox/linux/services/broker_process.cc
+@@ -53,7 +53,7 @@ static const int kCurrentProcessOpenFlagsMask = O_CLOEXEC;
+ // async signal safe if |file_to_open| is NULL.
+ // TODO(jln): assert signal safety.
+ bool GetFileNameInWhitelist(const std::vector<std::string>& allowed_file_names,
+-                            const std::string& requested_filename,
++                            const char* requested_filename,
+                             const char** file_to_open) {
+   if (file_to_open && *file_to_open) {
+     // Make sure that callers never pass a non-empty string. In case callers
+@@ -62,13 +62,17 @@ bool GetFileNameInWhitelist(const std::vector<std::string>& allowed_file_names,
+     RAW_LOG(FATAL, "*file_to_open should be NULL");
+     return false;
+   }
++
++  // Look for |requested_filename| in |allowed_file_names|.
++  // We don't use ::find() because it takes a std::string and
++  // the conversion allocates memory.
+   std::vector<std::string>::const_iterator it;
+-  it = std::find(allowed_file_names.begin(), allowed_file_names.end(),
+-                 requested_filename);
+-  if (it < allowed_file_names.end()) {  // requested_filename was found?
+-    if (file_to_open)
+-      *file_to_open = it->c_str();
+-    return true;
++  for (it = allowed_file_names.begin(); it != allowed_file_names.end(); it++) {
++    if (strcmp(requested_filename, it->c_str()) == 0) {
++      if (file_to_open)
++        *file_to_open = it->c_str();
++      return true;
++    }
+   }
+   return false;
+ }
+@@ -393,6 +397,7 @@ void BrokerProcess::AccessFileForIPC(const std::string& requested_filename,
+   const char* file_to_access = NULL;
+   const bool safe_to_access_file = GetFileNameIfAllowedToAccess(
+       requested_filename.c_str(), mode, &file_to_access);
++
+   if (safe_to_access_file) {
+     CHECK(file_to_access);
+     int access_ret = access(file_to_access, mode);
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index eb71a1b31be..881f310e6c9 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
 # Template file for 'chromium'
 pkgname=chromium
 #See http://www.chromium.org/developers/calendar for the latest version
-version=28.0.1500.52
+version=29.0.1547.57
 revision=1
 short_desc="Google's attempt at creating a safer, faster, and more stable browser"
 maintainer="Juan RP <xtraeme@gmail.com>"
@@ -9,7 +9,7 @@ homepage="http://www.chromium.org/"
 license="BSD"
 _url_base="http://commondatastorage.googleapis.com"
 distfiles="${_url_base}/${pkgname}-browser-official/${pkgname}-${version}.tar.xz"
-checksum="7b3cbfbb9e5b9d21ffab23d39173611ddb0ba49488795b6db46a62be354518b4"
+checksum="ae77204a5417ad7bf1ade257ba49f3ca64c83ed5741cb811a31f9f675d498576"
 
 long_desc="
  Chromium is an open-source browser project that aims to build a safer,
@@ -24,42 +24,102 @@ makedepends="libpng-devel>=1.6 gtk+-devel nss-devel GConf-devel pciutils-devel
  libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
  libXcomposite-devel speech-dispatcher-devel libXrandr-devel mit-krb5-devel
  libXScrnSaver-devel alsa-lib-devel icu-devel protobuf-devel snappy-devel
- libxml2-devel libxslt-devel opus-devel hunspell-devel pulseaudio-devel
- libvpx-devel libflac-devel speex-devel libusb-devel libmtp-devel
+ libxml2-devel libxslt-devel opus-devel pulseaudio-devel nss-devel
+ libflac-devel speex-devel libusb-devel libmtp-devel v8-devel>=3.19.18.4
  libjpeg-turbo-devel libevent-devel json-c-devel re2-devel harfbuzz-devel
- libwebp-devel minizip-devel libsrtp-devel jsoncpp-devel"
+ libwebp-devel minizip-devel jsoncpp-devel zlib-devel hwids"
 
 do_configure() {
-	unset LD LDFLAGS
+	local conf=""
 
-	# TODO
-	# See https://crbug.com/28287
-	# use_system_v8=1 (http://crbug.com/29050 fixed for chromium-27)
-	# use_system_ffmpeg=1 (most likely libvpx-related, check on chromium-27)
-	# disable_pnacl=0 (http://crbug.com/224169)
-	# use_system_sqlite=1 (http://crbug.com/22208)
-	# use_system_ssl=1 (http://crbug.com/58087)
-	# use_system_tcmalloc=1 (https://crbug.com/174634 WontFix?)
-	# use_system_hyphen=1 (http://crbug.com/176285)
+	export LD="$CXX"
 
-	build/gyp_chromium -f make build/all.gyp --depth=. -Dwerror= \
-	 -Dlinux_use_gold_binary=0 -Dlinux_use_gold_flags=0 \
-	 -Dlinux_sandbox_path=/usr/lib/chromium/chromium-sandbox \
-	 -Ddisable_sse2=1 -Drelease_extra_cflags="$CFLAGS" \
-	 -Dffmpeg_branding=Chrome -Dproprietary_codecs=1 \
-	 -Dlinux_link_libpci=1 -Dlinux_link_pulseaudio=1 \
-	 -Dlinux_link_libspeechd=1 -Dlibspeechd_h_prefix=speech-dispatcher/ \
-	 -Duse_gconf=0 -Dlinux_use_tcmalloc=0 -Dlinux_link_gsettings=1 \
-	 -Ddisable_nacl=1 -Duse_system_bzip2=1 -Duse_system_expat=1 \
-	 -Duse_system_flac=1 -Duse_system_harfbuzz=1 -Duse_system_icu=1 \
-	 -Duse_system_jsoncpp=1 -Duse_system_libevent=1 -Duse_system_libexif=1 \
-	 -Duse_system_libjpeg=1 -Duse_system_libmtp=1 -Duse_system_libpng=1 \
-	 -Duse_system_libsrtp=1 -Duse_system_libusb=1 -Duse_system_libwebp=1 \
-	 -Duse_system_libxml=1 -Duse_system_minizip=1 \
-	 -Duse_system_nspr=1 -Duse_system_opus=1 -Duse_system_protobuf=1 \
-	 -Duse_system_re2=1 -Duse_system_speex=1 -Duse_system_stlport=1 \
-	 -Duse_system_yasm=1 -Duse_system_zlib=1 -Duse_system_xdg=1 \
-	 -Duse_system_libvpx=1 -Duse_system_hunspell=1 -Duse_system_snappy=1
+	# Never tell the build system to "enable" SSE2, it has a few unexpected
+	conf+=" -Ddisable_sse2=1"
+
+	# Disable glibc Native Client toolchain, we don't need it (bug #417019).
+	conf+=" -Ddisable_glibc=1"
+
+	# TODO: disable pnacl
+	conf+=" -Ddisable_pnacl=1"
+
+	# TODO: disable nacl
+	conf+=" -Ddisable_nacl=1"
+
+	# It would be awkward for us to tar the toolchain and get it untarred again
+	# during the build.
+	conf+=" -Ddisable_newlib_untar=1"
+
+	# Use system-provided libraries.
+	# TODO: use_system_hunspell (upstream changes needed).
+	# TODO: use_system_libsrtp (bug #459932).
+	# TODO: use_system_ssl (http://crbug.com/58087).
+	# TODO: use_system_sqlite (http://crbug.com/22208).
+	conf+="
+		-Duse_system_bzip2=1
+		-Duse_system_flac=1
+		-Duse_system_harfbuzz=1
+		-Duse_system_icu=1
+		-Duse_system_jsoncpp=1
+		-Duse_system_libevent=1
+		-Duse_system_libjpeg=1
+		-Duse_system_libpng=1
+		-Duse_system_libusb=1
+		-Duse_system_libwebp=1
+		-Duse_system_libxml=1
+		-Duse_system_libxslt=1
+		-Duse_system_minizip=1
+		-Duse_system_nspr=1
+		-Duse_system_opus=1
+		-Duse_system_protobuf=1
+		-Duse_system_re2=1
+		-Duse_system_snappy=1
+		-Duse_system_speex=1
+		-Duse_system_v8=1
+		-Duse_system_xdg_utils=1
+		-Duse_system_zlib=1
+		-Duse_system_yasm=1
+		-Duse_cups=1
+		-Dlinux_link_cups=1
+		-Duse_pulseaudio=1
+		-Dlinux_link_pulseaudio=1
+		-Duse_gconf=0"
+
+	# TODO: re-enable on vp9 libvpx release (http://crbug.com/174287).
+	# conf+=" -Dmedia_use_libvpx=0"
+
+	# Use explicit library dependencies instead of dlopen.
+	conf+="
+		-Dlinux_link_gsettings=1
+		-Dlinux_link_libpci=1
+		-Dlinux_link_libspeechd=1
+		-Dlibspeechd_h_prefix=speech-dispatcher/"
+
+	# TODO: use the file at run time instead of effectively compiling it in.
+	conf+=" -Dusb_ids_path=/usr/share/hwdata/usb.ids"
+
+	# Enable SUID sandbox.
+	conf+=" -Dlinux_sandbox_path=/usr/lib/chromium/chromium-sandbox"
+
+	# Never use bundled gold binary. Disable gold linker flags for now.
+	conf+=" -Dlinux_use_gold_binary=0 -Dlinux_use_gold_flags=0"
+
+	# Always support proprietary codecs.
+	conf+=" -Dproprietary_codecs=1"
+
+	# Enable H.264 support in bundled ffmpeg.
+	conf+=" -Dffmpeg_branding=Chrome"
+
+	# Make sure that -Werror doesn't get added to CFLAGS by the build system.
+	# Depending on GCC version the warnings are different and we don't want
+	# the build to fail because of that.
+	conf+=" -Dwerror="
+
+	# Disable tcmalloc.
+	conf+=" -Dlinux_use_tcmalloc=0"
+
+	build/linux/unbundle/replace_gyp_files.py ${conf}
+	build/gyp_chromium --depth=. -f make ${conf} -Drelease_extra_cflags="$CFLAGS"
 }
 
 do_build() {