Hacker News
by Sidnicious 3131 days ago
One issue is that Electron apps don’t get browser security patches until Electron updates Chromium, the developer updates Electron, and the user updates the app.

While that's true, Electron apps very rarely provide unrestricted web browsing of untrusted content. They're usually locked to a single domain, or load their entire interface from local files.
This doesn't make it safe -- consider that a lower-level library inside Chromium can be exploited when processing input data. Your chat app can be exploited by receiving a crafted image. This actually happened in an image processing library and a network library in Chromium.
Sure, but the same can happen to whatever libraries you use in your native app. If anything, Chromium is more likely to be patched, since there's a large entity interested in keeping it secure enough for accessing untrusted content.