No, helm is the one doing this part in the vuln. Chart.lock is made a symlink to some important file, and helm will happily write to it.