The source code says the data is only valid for 10 weeks. If Google releases a new version of Chrome every 6 weeks, then a user could never skip a single version of Chrome without becoming vulnerable.
That doesn't seem like it's enough time. I would expect one year or at least 6 months.
That doesn't seem like it's enough time. I would expect one year or at least 6 months.