This doesn't seem any worse than Chrome continually updating itself.

Both of them doing that in mandatory fashion is unacceptable.

I might be OK with running this bit of their code on my computer, but it's not an open bar for dropping anything executable onto my machine at will.

It is pretty easy to prevent chrome auto-updates with a firewall rule and by configuration (https://www.chromium.org/administrators/turning-off-auto-upd...).

But unless you audited the chrome code (with a team of 1000 experts) you have already trusted them, both to write quality code and to prevent malicious code sneaking in. Why not trust them to patch your browser against malware?

Feel free to contribute to ungoogled chromium: https://github.com/Eloston/ungoogled-chromium