Merge branch 'chromium-update'.

Was about to open a new pull request about how to proceed with the BPF seccomp
sandbox, but turns out that the Chromium security team not even has finished
reviewing the legacy sandbox (http://crbug.com/26528, next time look at the date
of the issue, shall we?), so it shouldn't make a big difference whether we
enable the old seccomp sandbox or the new BPF one.

Which of course won't make either of these options more secure and leaves us at
the same state we had before, just with chrome://sandbox stating "NOT adequately
sandboxed" which resembles the truth more closely.