I’ve seen dozens if not hundreds of infected machines. By far the most common infection vector comes from unpatched browsers or their plugins.
It looks like my browser was not updating because of a 1.5 year old bug #711475 which is still marked at “New”. If it hadn't been for my interest in asm.js, I'd still be sitting at version 17 or 18, despite auto-updates and background service both being checked.
Not auto-updating the browser is a much bigger security risk than your hypothetical issue for Chrome.
I'm not familiar with auto-update, but reading at Bugzilla, it seems that auto-update has been working for a few months at least. The bug to which you linked seems to be about letting users update Firefox without having to wait for the auto-update, which is something else entirely.
Or did I misunderstand what feature you are referring to?
It looks like my browser was not updating because of a 1.5 year old bug #711475 which is still marked at “New”. If it hadn't been for my interest in asm.js, I'd still be sitting at version 17 or 18, despite auto-updates and background service both being checked.
Not auto-updating the browser is a much bigger security risk than your hypothetical issue for Chrome.