"1. You'd have to actually click and willingly install the software to be infected." This is how most Windows malware/unwanted software are installed today, not via some rare zero-day Chrome exploits.