Of course you can (disclaimer edition note: but it's not necessarily for the faint of heart, and isn't officially supported. On their updater and update policy, Google manages to be worse than Apple on Windows, which is already pretty fucking bad).
1. On Windows and OSX (at least), the actual updating is performed by a single service running in the background for all Google applications (the Google Updater). This service is installed and/or activated by all Google applications, every time you install them (or run them, in OSX, not sure for Windows). I'm sure you can find how to do the same in Windows but my know-how is not good enough, but in OSX you can disable GUS forever by uninstalling it, emptying its directory and then setting it write-only. This way, it's not possible for GUS to be reinstalled.
2. A good enough outbound firewall (I'm partial towards Little Snitch on OSX) will allow you to block connections to the update server, and make GUS unable to query it, and therefore to update Chrome without your consent.
On Windows, Autoruns from SysInternals (http://technet.microsoft.com/en-us/sysinternals/bb963902.asp...) works fairly well for finding out about these things that happen automatically, and disabling them, as easy as unchecking a checkbox. There's at two categories relevant to googleupdate: CurrentVersion\Run, and Task Scheduler.
Ugh, of course, there are work-arounds. But if you re-read my comment, I said it is hardcoded in Chrome. I was talking about Chrome.
Another point: Your method will disable all google updates (google toolbar, google talk etc) which is a good side effect imo but not necessarily desirable by all.
It's not hardcoded in Chrome, at least on Windows it's not. I'm currently running 4.1.249.1045, which I gather isn't particularly recent, because I seldom use it except for Facebook and other sites I don't trust to be logged in to for general browsing.
I don't understand why they're taking that decision away from me. They could just enable auto update by default so most users would always be up-to-date unless they have a reason for disabling it. There are some good reasons other than money as well, such as privacy and security. I don't want my computer updated in any shape or form when I'm on an airport or in an authoritarian country for instance.
I don't know whether a Chrome update is dwarfed by regular browsing. The link you posted shows the size of one particular diff update they did. That's a completely worthless measure. The worst case, no doubt, is that everything has to be replaced and that would be 10MB.
Security-wise I'd be very surprised if Chrome updates weren't signed; MITMing of auto-updates isn't exactly new (see EvilGrade). So I doubt it's an issue there.
That said, I agree that there should be an option (not a prominent one) to switch it off.
Chrome's auto-update feature on Debian-based distributions at least consists of it installing its apt repository in your sources.list. Which is fine by me.
1. On Windows and OSX (at least), the actual updating is performed by a single service running in the background for all Google applications (the Google Updater). This service is installed and/or activated by all Google applications, every time you install them (or run them, in OSX, not sure for Windows). I'm sure you can find how to do the same in Windows but my know-how is not good enough, but in OSX you can disable GUS forever by uninstalling it, emptying its directory and then setting it write-only. This way, it's not possible for GUS to be reinstalled.
2. A good enough outbound firewall (I'm partial towards Little Snitch on OSX) will allow you to block connections to the update server, and make GUS unable to query it, and therefore to update Chrome without your consent.