That's even worse! One of the major points of an application being installed by root is that it's protected from modification by users and programs users run.
Having the program be installed by root but not require admin rights to update, I presume. That sort of system is quite possible with services or scheduled tasks on Windows. In fact MSI can do that already as long as everything is signed.
The MSI offers a number of GPO switches so a domain admin can do things like disable auto-updates, disable extensions from being installed, black- or whitelist individual extensions, etc. You're commenting like you've never actually done this, which is probably why you're being downvoted.
By comparison, Chrome for Enterprise currently offers only about a dozen GPO switches and IE6 offers 1300, but the dozen they chose cover about 90% of possible use cases and the team is working on adding more all the time, as they are justified.
The kind of user who could modify chrome to subvert the will of administrators is the kind of user who could figure out a way around the root restrictions in the first place, most likely.
If it is a virus/exploit issue that you are worried about, my bet is that an auto-updating chrome is better protected from these than a root-restricted but out-of-date browser.
Thanks for the heads up.