diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index f9424f4d614a..e9e9961d1cd0 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -77,9 +77,9 @@ let
 xdg_utils yasm zlib
 ];
- needSeccompPatch =
- stdenv.lib.versionOlder sourceInfo.version "22.0.0.0"
- && !config.selinux;
+ seccompPatch = let
+ pre22 = stdenv.lib.versionOlder sourceInfo.version "22.0.0.0";
+ in if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch;
 in stdenv.mkDerivation rec {
 name = "${packageName}-${version}";
@@ -112,7 +112,7 @@ in stdenv.mkDerivation rec {
 prePatch = "patchShebangs .";
- patches = stdenv.lib.optional needSeccompPatch ./enable_seccomp.patch
+ patches = stdenv.lib.optional (!config.selinux) seccompPatch
 ++ stdenv.lib.optional config.cups ./cups_allow_deprecated.patch
 ++ stdenv.lib.optional config.pulseaudio ./pulseaudio_array_bounds.patch;
diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch
new file mode 100644
index 000000000000..f947d796f186
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/enable_seccomp22.patch
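Review bot: The new `seccompPatch` binding selects a patch purely by the `22.0.0.0` threshold, but nothing records what the two patch files differ in, so the threshold will be hard to maintain when upstream changes its gating again. From the added enable_seccomp22.patch, the >= 22 variant removes the NDEBUG-only default-off path in IsSeccompLegacyDesired, i.e. it forces the legacy seccomp sandbox on in release builds; a comment on the binding should carry that, e.g. `# Chromium >= 22 enables seccomp-legacy by default only in debug (non-NDEBUG) builds; enable_seccomp22.patch turns it on for release builds as well.` Note also that this hunk makes a sandbox patch apply to every non-SELinux build of any version, where it was previously limited to pre-22 — presumably intended, but it is a behaviour change worth stating explicitly.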
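Review bot: `patches = stdenv.lib.optional (!config.selinux) seccompPatch` drops the seccomp patch entirely for SELinux builds without saying why, and the reason is no longer even hinted at now that the combined `needSeccompPatch` binding is gone. A reader cannot tell whether the patch conflicts with SELinux or merely was never tested there, which makes the exclusion easy to lose in a later refactor. A one-line comment above the `patches` line giving the actual reason, e.g. `# seccomp patch is skipped on SELinux builds: <reason>`, would settle that.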
@@ -0,0 +1,20 @@
+diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
+index d4618e5..108f846 100644
+--- a/content/common/sandbox_linux.cc
++++ b/content/common/sandbox_linux.cc
+@@ -38,15 +38,9 @@ void LogSandboxStarted(const std::string& sandbox_name) {
+ // Implement the command line enabling logic for seccomp-legacy.
+ bool IsSeccompLegacyDesired() {
+ #if defined(SECCOMP_SANDBOX)
+-#if defined(NDEBUG)
+- // Off by default; allow turning on with a switch.
+- return CommandLine::ForCurrentProcess()->HasSwitch(
+- switches::kEnableSeccompSandbox);
+-#else
+ // On by default; allow turning off with a switch.
+ return !CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kDisableSeccompSandbox);
+-#endif // NDEBUG
+ #endif // SECCOMP_SANDBOX
+ return false;
+ }
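Review bot: After this patch `IsSeccompLegacyDesired()` is "on unless `--disable-seccomp-sandbox`" in every build type, but `switches::kEnableSeccompSandbox` is no longer consulted anywhere in the function, so a user who passes the enable switch now gets a silently ignored flag rather than the documented opt-in. The whole body is still wrapped in `#if defined(SECCOMP_SANDBOX)`, so the patch only changes behaviour if the Nix build actually defines that macro; the default.nix hunks above do not show such a define, so whether it is set should be confirmed rather than assumed. The patch file has no preamble — `patch` and `git apply` ignore text before the first `diff --git` line — so a short description of the intent (release builds default seccomp-legacy on, opt-out via `--disable-seccomp-sandbox`) and the Chromium version it was generated against would cost nothing and would help the next person who has to rebase it.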