Even worse: imagine a poisoned update that gets installed on every browser within the hour.

Or just an update with a non-malicious bug that breaks the updating mechanism. (This last has happened to companies the size of McAfee and Skype.)

In this case the benefit far outweighs the cost, if a bug is introduced in an update I want Google to be able to patch it and my browser to receive it asap.

Yes, that would be a problem, but it would have an easy fix, revert!