diff --git a/extra/chromium/0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch b/extra/chromium/0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch
new file mode 100644
index 000000000..40ce3a3a2
--- /dev/null
+++ b/extra/chromium/0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch
@@ -0,0 +1,33 @@
+From 1da1e686a87ad9f95d26786d2b53a1a4c280189f Mon Sep 17 00:00:00 2001
+From: agl
+Date: Wed, 20 May 2015 13:20:29 -0700
+Subject: [PATCH] NSS: reject DH groups smaller than 1024 bits.
+
+Since some platforms are still using NSS for now, this change mirrors https://boringssl-review.googlesource.com/#/c/4813/ in NSS.
+
+BUG=490240
+
+Review URL: https://codereview.chromium.org/1143303002
+
+Cr-Commit-Position: refs/heads/master@{#330791}
+---
+ net/third_party/nss/ssl/ssl3con.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
+index 89c98ea..861d434 100644
+--- a/net/third_party/nss/ssl/ssl3con.c
++++ b/net/third_party/nss/ssl/ssl3con.c
+@@ -6946,7 +6946,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ if (rv != SECSuccess) {
+ goto loser; /* malformed. */
+ }
+- if (dh_p.len < 512/8) {
++ if (dh_p.len < 1024/8 ||
++ (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
+ errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
+ goto alert_loser;
+ }
+--
+2.4.2
+
diff --git a/extra/chromium/0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch b/extra/chromium/0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch
new file mode 100644
index 000000000..b7c2752f0
--- /dev/null
+++ b/extra/chromium/0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch
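Review bot: The new minimum in the embedded ssl3con.c hunk is computed from `dh_p.len`, which is the encoded byte count of the prime, so it only measures the group size if the encoding carries no leading zero octets. The `dh_p.len == 1024/8` clause tests the top bit for an exactly 128-byte value, but an encoding longer than 128 bytes whose leading bytes are zero would presumably still pass while holding a prime shorter than 1024 bits. Whether dh_p is normalized before this point is not visible here, since ssl3_HandleServerKeyExchange starts and ends outside the hunk. I would skip leading zero bytes first and compare the remaining significant bit length against 1024, and document the assumption with a comment such as `/* dh_p.len counts encoded bytes; leading zero octets must not count toward the 1024-bit minimum */`.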
@@ -0,0 +1,32 @@
+From aa9abe7692a3ee99b69811594938d97cb180351e Mon Sep 17 00:00:00 2001
+From: avi
+Date: Wed, 20 May 2015 13:57:17 -0700
+Subject: [PATCH] Use the correct URL for ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
+ errors.
+
+BUG=490260,490240
+TEST=as in bug
+
+Review URL: https://codereview.chromium.org/1148943002
+
+Cr-Commit-Position: refs/heads/master@{#330799}
+---
+ chrome/common/localized_error.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chrome/common/localized_error.cc b/chrome/common/localized_error.cc
+index 0c4ad43..1ea56b1 100644
+--- a/chrome/common/localized_error.cc
++++ b/chrome/common/localized_error.cc
+@@ -49,7 +49,7 @@ namespace {
+ static const char kRedirectLoopLearnMoreUrl[] =
+ "https://www.google.com/support/chrome/bin/answer.py?answer=95626";
+ static const char kWeakDHKeyLearnMoreUrl[] =
+- "http://sites.google.com/a/chromium.org/dev/"
++ "https://www.chromium.org/administrators/"
+ "err_ssl_weak_server_ephemeral_dh_key";
+ #if defined(OS_CHROMEOS)
+ static const char kAppWarningLearnMoreUrl[] =
+--
+2.4.2
+
diff --git a/extra/chromium/PKGBUILD b/extra/chromium/PKGBUILD
index 0b7fabdae..8a6b7cd1c 100644
--- a/extra/chromium/PKGBUILD
+++ b/extra/chromium/PKGBUILD
@@ -21,8 +21,8 @@ buildarch=4 pkgname=chromium -pkgver=43.0.2357.125 -pkgrel=2 +pkgver=43.0.2357.130 +pkgrel=1 _launcher_ver=2 pkgdesc="The open-source project behind Google Chrome, an attempt at creating a safer, faster, and more stable browser" arch=('armv6h' 'armv7h')
@@ -43,14 +43,18 @@ install=chromium.install
 source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
 chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
 chromium.desktop
+ 0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch
+ 0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch
 add-build-flag-to-disable-hotwording.patch
 arm-webrtc-fix.patch
 chromium-arm-r0.patch
 v6-ffmpeg.patch
 chromium-widevine.patch)
-sha256sums=('af1774d093f90f9ccfd7def3b2b3a8caa109274ac28d4bec0285e50f8a5a5405'
+sha256sums=('62fb55439396a5d49ba53d4377e8d2554c14c2e8a6255f07909ccee8f248002e'
 '7f91c81721092d707d7b94e6555a48bc7fd0bc0e1174df4649bdcd745930e52f'
 '028a748a5c275de9b8f776f97909f999a8583a4b77fd1cd600b4fc5c0c3e91e9'
+ '46daf921ed7eaab175f5a86b09357c69c33a10ffe1d4e7c24476af510c1b28d0'
+ '8fb428244be7b50268a2848a34405c5551232e5c77f9e553cfdd3103979748d2'
 '3a1c589aa90c0597776d945d34638d43e2d40d93bc1962148815831a5122ac4e'
 '9db0f01517c52e3236ff52e8a664840542a19144a54923ae6aabea3dcfa92c52'
 'df4be49770d508b772f98eda9fc5f37fa71d4c0459437e12f7f3db5892aa1611'
@@ -69,6 +73,12 @@ _google_default_client_secret=0ZChLK6AxeA3Isu96MkwqDR4 prepare() { cd "$srcdir/$pkgname-$pkgver" + # https://code.google.com/p/chromium/issues/detail?id=490240 + patch -Np1 -i ../0001-NSS-reject-DH-groups-smaller-than-1024-bits.patch + + # https://code.google.com/p/chromium/issues/detail?id=490260 + patch -Np1 -i ../0001-Use-the-correct-URL-for-ERR_SSL_WEAK_SERVER_EPHEMERA.patch + # Add build flag to disable 'Ok Google' hotwording feature # The issue with this functionality is that it downloads a binary blob # and that this behavior cannot be disabled if a user wishes to do so.