diff --git a/extra/chromium/0001-Ensure-all-targets-build-when-target_arch-arm-and-ta.patch b/extra/chromium/0001-Ensure-all-targets-build-when-target_arch-arm-and-ta.patch
deleted file mode 100644
index 0464226d8..000000000
--- a/extra/chromium/0001-Ensure-all-targets-build-when-target_arch-arm-and-ta.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From dda2408df2d378873ec2e18c8f20074968d265cf Mon Sep 17 00:00:00 2001
-From: Tom Anderson <thomasanderson@chromium.org>
-Date: Wed, 16 May 2018 03:23:04 +0000
-Subject: [PATCH] Ensure all targets build when target_arch="arm" and
- target_os="linux"
-
-Also requires these third party changes:
-https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1060155
-https://chromium-review.googlesource.com/c/native_client/src/native_client/+/1060158
-
-BUG=843240
-R=thakis
-TBR=wfh
-
-Change-Id: I9288967e238ab5319e1c963fffd58b9fe4be3692
-Reviewed-on: https://chromium-review.googlesource.com/1060129
-Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
-Reviewed-by: Nico Weber <thakis@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#558953}
----
- chrome/installer/linux/rpm/build.sh                     | 1 +
- sandbox/win/src/crosscall_client.h                      | 3 ++-
- third_party/crashpad/crashpad/compat/linux/sys/ptrace.h | 2 +-
- 3 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/chrome/installer/linux/rpm/build.sh b/chrome/installer/linux/rpm/build.sh
-index 261faeaf26f3..67faf75787c6 100755
---- a/chrome/installer/linux/rpm/build.sh
-+++ b/chrome/installer/linux/rpm/build.sh
-@@ -252,6 +252,7 @@ cd "${OUTPUTDIR}"
- case "$TARGETARCH" in
-   arm )
-     export ARCHITECTURE="armhf"
-+    stage_install_rpm
-     ;;
-   ia32 )
-     export ARCHITECTURE="i386"
-diff --git a/sandbox/win/src/crosscall_client.h b/sandbox/win/src/crosscall_client.h
-index c05e4978c0f1..7bcfb3cfd94e 100644
---- a/sandbox/win/src/crosscall_client.h
-+++ b/sandbox/win/src/crosscall_client.h
-@@ -8,6 +8,7 @@
- #include <stddef.h>
- #include <stdint.h>
- 
-+#include "base/compiler_specific.h"
- #include "sandbox/win/src/crosscall_params.h"
- #include "sandbox/win/src/sandbox.h"
- 
-@@ -150,7 +151,7 @@ class CopyHelper<const wchar_t*> {
-   // We provide our not very optimized version of wcslen(), since we don't
-   // want to risk having the linker use the version in the CRT since the CRT
-   // might not be present when we do an early IPC call.
--  static size_t __cdecl StringLength(const wchar_t* wcs) {
-+  static size_t CDECL StringLength(const wchar_t* wcs) {
-     const wchar_t* eos = wcs;
-     while (*eos++)
-       ;
-diff --git a/third_party/crashpad/crashpad/compat/linux/sys/ptrace.h b/third_party/crashpad/crashpad/compat/linux/sys/ptrace.h
-index 73861576d61e..e5c95c7cc859 100644
---- a/third_party/crashpad/crashpad/compat/linux/sys/ptrace.h
-+++ b/third_party/crashpad/crashpad/compat/linux/sys/ptrace.h
-@@ -34,7 +34,7 @@ static constexpr __ptrace_request PTRACE_GET_THREAD_AREA =
- #endif  // !PTRACE_GET_THREAD_AREA && !PT_GET_THREAD_AREA && defined(__GLIBC__)
- 
- // https://sourceware.org/bugzilla/show_bug.cgi?id=22433
--#if !defined(PTRACE_GETVFPREGS) && \
-+#if !defined(PTRACE_GETVFPREGS) && !defined(PT_GETVFPREGS) && \
-     defined(__GLIBC__) && (defined(__arm__) || defined(__arm64__))
- static constexpr __ptrace_request PTRACE_GETVFPREGS =
-     static_cast<__ptrace_request>(27);
--- 
-2.17.0
-
diff --git a/extra/chromium/PKGBUILD b/extra/chromium/PKGBUILD
index b3e5fa51f..7ba3101f7 100644
--- a/extra/chromium/PKGBUILD
+++ b/extra/chromium/PKGBUILD
@@ -5,18 +5,19 @@
 # Contributor: Daniel J Griffiths <ghost1227@archlinux.us>
 
 # ALARM: Kevin Mihelich <kevin@archlinuxarm.org>
-#  - patch to fix skia build on AArch64
 #  - makeflags to -j4 on v7, RAM constraints
 #  - build ARMv7 with NEON
 #  - let build set march on AArch64
-#  - disable cfi, gold linker
+#  - is_cfi=false, use_gold=false
+#  - clang_use_default_sample_profile=false, AFDO breaks distcc
+#  - use_allocator="none", tcmalloc breaks ARM
 
 buildarch=12
 highmem=1
 noautobuild=1
 
 pkgname=chromium
-pkgver=68.0.3440.75
+pkgver=68.0.3440.84
 pkgrel=1
 _launcher_ver=6
 pkgdesc="A web browser built for speed, simplicity, and security"
@@ -36,24 +37,26 @@ source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgn
         chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
         x11-fix-mixup-between-DIP-pixel-coordinates.patch
         blink-disable-XML-catalogs-at-runtime.patch
+        fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
+        only-disable-cfi-icall-when-use_system_libjpeg-true.patch
         chromium-cors-string-r0.patch
         chromium-ffmpeg-r1.patch
         chromium-libjpeg-r0.patch
         chromium-libwebp-shim-r0.patch
         chromium-widevine-r2.patch
-        chromium-skia-harmony.patch
-        0001-Ensure-all-targets-build-when-target_arch-arm-and-ta.patch)
-sha256sums=('dc17783267853bdc0fb726363d2b8e30a0bf43b6cc2c768e1f37c92e8eb59541'
+        chromium-skia-harmony.patch)
+sha256sums=('1031d167ae18d8a37f9291ff0e9a3dca2337c0fc1031f2c243d0327b14ecc9d9'
             '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1'
             'e2c2754536243a60fa70541bbd4121715eccd83caa8f1fb1873bd994cd81f871'
             '98a5c41cf9687c52ee380d2b683c95387334c76254479c347bdb733646dab815'
+            '97b421bc60a4abdf37de2d88a51b973e9f68fb44d1eccd464adfb3d9f5d71478'
+            '9cae9ded6497afd15ad72d963897425ab6c7f28941bb3c3948e7996610a0d180'
             'f4141e48a25a1403250e9040c18936a16250ab707064dd54103066f40c7db41c'
             'aa885330bc4180b78d915f9dfdfc3210038a0acab7b16735ea9828ab6a633bde'
             '6b8fc570607631d3558e99a82e92c11eeae9c960ebb0a83c13d46344d4b6adca'
             'b368f3827ee4c47c942085e3d2cfbea43f8899b101e01500dbf6a7b01b2b29e0'
             '02c69bb3954087db599def7f5b6d65cf8f7cf2ed81dfbdaa4bb7b51863b4df15'
-            'feca54ab09ac0fc9d0626770a6b899a6ac5a12173c7d0c1005bc3964ec83e7b3'
-            '9e4d63c582b316edaa550aae6fe6623f0df1a94c53f97bae4b0d7826e0779a32')
+            'feca54ab09ac0fc9d0626770a6b899a6ac5a12173c7d0c1005bc3964ec83e7b3')
 
 # Possible replacements are listed in build/linux/unbundle/replace_gn_files.py
 # Keys are the names in the above script; values are the dependencies in Arch
@@ -99,7 +102,6 @@ prepare() {
     tools/generate_shim_headers/generate_shim_headers.py
 
   # Arch Linux ARM fixes
-  patch -p1 -i ../0001-Ensure-all-targets-build-when-target_arch-arm-and-ta.patch
 
   # Build ARMv7 with NEON
   [[ $CARCH == "armv7h" ]] && MAKEFLAGS="-j4" && CFLAGS=`echo $CFLAGS | sed -e 's/vfpv3-d16/neon/'` && CXXFLAGS="$CFLAGS"
@@ -113,6 +115,10 @@ prepare() {
   # https://crbug.com/736026
   patch -Np1 -i ../blink-disable-XML-catalogs-at-runtime.patch
 
+  # https://crbug.com/866290
+  patch -Np1 -i ../fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
+  patch -Np1 -i ../only-disable-cfi-icall-when-use_system_libjpeg-true.patch
+
   # https://crbug.com/skia/6663#c10
   patch -Np4 -i ../chromium-skia-harmony.patch
 
@@ -170,8 +176,9 @@ build() {
     'custom_toolchain="//build/toolchain/linux/unbundle:default"'
     'host_toolchain="//build/toolchain/linux/unbundle:default"'
     'clang_use_chrome_plugins=false'
+    'clang_use_default_sample_profile=false'
+    'use_allocator="none"'
     'is_official_build=true' # implies is_cfi=true on x86_64
-    'use_cfi_icall=false' # https://crbug.com/866290
     'is_cfi=false'
     'is_debug=false'
     'treat_warnings_as_errors=false'
diff --git a/extra/chromium/fix-cfi-icall-failure-with-use_system_libjpeg-true.patch b/extra/chromium/fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
new file mode 100644
index 000000000..3c27898ed
--- /dev/null
+++ b/extra/chromium/fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
@@ -0,0 +1,52 @@
+From db82db1b609f30d144d45477f55697818bcd363c Mon Sep 17 00:00:00 2001
+From: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
+Date: Tue, 31 Jul 2018 01:03:22 +0000
+Subject: [PATCH] Fix cfi-icall failure with use_system_libjpeg=true
+
+JPEGImageReader::AllocateSampleArray() can call the function pointer
+(*info_.mem->alloc_sarray) which can be set by the systems non-CFI
+enabled libjpeg DSO when chromium is built with use_system_libjpeg=true.
+Disable cfi-icall for that method.
+
+Bug: 866290
+Change-Id: I6d9bbf08c514d6d5f48ad34c3802c63419ed1223
+Reviewed-on: https://chromium-review.googlesource.com/1155927
+Reviewed-by: Kentaro Hara <haraken@chromium.org>
+Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#579270}
+---
+ .../renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc | 2 +-
+ third_party/blink/renderer/platform/wtf/compiler.h              | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc b/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
+index a1e440f6eed5..fd4e72ba053c 100644
+--- a/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
++++ b/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
+@@ -643,7 +643,7 @@ class JPEGImageReader final {
+   IntSize UvSize() const { return uv_size_; }
+ 
+  private:
+-  JSAMPARRAY AllocateSampleArray() {
++  NO_SANITIZE_CFI_ICALL JSAMPARRAY AllocateSampleArray() {
+ // Some output color spaces don't need the sample array: don't allocate in that
+ // case.
+ #if defined(TURBO_JPEG_RGB_SWIZZLE)
+diff --git a/third_party/blink/renderer/platform/wtf/compiler.h b/third_party/blink/renderer/platform/wtf/compiler.h
+index 51595afdc955..5225a70309d6 100644
+--- a/third_party/blink/renderer/platform/wtf/compiler.h
++++ b/third_party/blink/renderer/platform/wtf/compiler.h
+@@ -57,8 +57,10 @@
+ #if defined(__clang__)
+ #define NO_SANITIZE_UNRELATED_CAST \
+   __attribute__((no_sanitize("cfi-unrelated-cast", "vptr")))
++#define NO_SANITIZE_CFI_ICALL __attribute__((no_sanitize("cfi-icall")))
+ #else
+ #define NO_SANITIZE_UNRELATED_CAST
++#define NO_SANITIZE_CFI_ICALL
+ #endif
+ 
+ #endif /* WTF_Compiler_h */
+-- 
+2.18.0
+
diff --git a/extra/chromium/only-disable-cfi-icall-when-use_system_libjpeg-true.patch b/extra/chromium/only-disable-cfi-icall-when-use_system_libjpeg-true.patch
new file mode 100644
index 000000000..3a71f8c05
--- /dev/null
+++ b/extra/chromium/only-disable-cfi-icall-when-use_system_libjpeg-true.patch
@@ -0,0 +1,34 @@
+From 20f81a066ffdf6bd30fb4b696b8b3e101368e2f6 Mon Sep 17 00:00:00 2001
+From: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
+Date: Tue, 31 Jul 2018 23:21:09 +0000
+Subject: [PATCH] Only disable cfi-icall when use_system_libjpeg=true
+
+Bug: 866290
+Change-Id: Ic5d175b3b854665f50781650406d599d09ee9849
+Reviewed-on: https://chromium-review.googlesource.com/1157136
+Reviewed-by: Kentaro Hara <haraken@chromium.org>
+Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#579614}
+---
+ .../platform/image-decoders/jpeg/jpeg_image_decoder.cc       | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc b/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
+index fd4e72ba053c..afa90d83efee 100644
+--- a/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
++++ b/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
+@@ -643,7 +643,10 @@ class JPEGImageReader final {
+   IntSize UvSize() const { return uv_size_; }
+ 
+  private:
+-  NO_SANITIZE_CFI_ICALL JSAMPARRAY AllocateSampleArray() {
++#if defined(USE_SYSTEM_LIBJPEG)
++  NO_SANITIZE_CFI_ICALL
++#endif
++  JSAMPARRAY AllocateSampleArray() {
+ // Some output color spaces don't need the sample array: don't allocate in that
+ // case.
+ #if defined(TURBO_JPEG_RGB_SWIZZLE)
+-- 
+2.18.0
+