Well, it sounds like a lot of defaults would have to have been changed to insecure settings for Chrome to have the permissions, so... you're right and Apple agrees. I mean if `/` is writable by your login user, then something has gone terribly wrong in your process somewhere.