Windows (and it's inevitably Windows) knows enough to realize "hey, this Chrome isn't the Chrome that was here yesterday." Signed binaries and SmartScreen work together well enough that even when Chrome is installed to a user-writable directory, it'll get punted if a virus actually changes it.
What if the virus just installs the binary somewhere else, then updates the shortcut? There are hundreds of possible ways, it just seems futile to plug a particular leak.
What if the virus just installs the binary somewhere else, then updates the shortcut? There are hundreds of possible ways, it just seems futile to plug a particular leak.