VULNERABILITY DETAILS
First of all let me say that I have read the section "Why arent physically-local attacks in Chromes threat model?" (from https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md ) and I agree with you, more or less.
I mean, I agree if we talk about a dll that is not developed by the same vendor (e.g.: Google Chrome try to load VERSION.dll from C:\Program Files\Google\Update\) but in my opinion the situation changes when the program loads his own dll without checking its integrity.
In this scenario, a simple "problem" become a security issue if the program runs with SYSTEM privilege.
Practically when you open Google Chrome "GoogleUpdate.exe" is started with SYSTEM privilege to check for update. This software tries to load "goopdate.dll" from "C:\Program Files\Google\Update\". Now (even ignoring the fact that an unprivileged user could find a way to put a dll in that path) a user with administrative privileges could insert the dll in that path and grant to himself the same privilege of GoogleUpdate.exe, in this case SYSTEM privilege.
Let me guess your answer: "If someone can put a dll into a path, he can change\modify the executable itself". You're right but this simply means that if you run a program with high privilege, an integrity check should be performed, each time the executable is called, on the exe itself and to all proprietary files it needs.

VERSION
Chrome Version: 64.0.3282.167 (stable, 32 bit)
Operating System: Windows 7 Professional, SP1, 32 bit

REPRODUCTION CASE
1) put a crafted goopdate.dll into the same path of GoogleUpdate.exe (usually C:\Program Files\Google\Update\)
2) Open Google Chrome

Best regards.