The support for running apps in the Linux container feels fairly normal. I had a family member using LibreOffice and other apps that way for years and it worked fine. We bought a more powerful Chromebook and performance was fine. One family member is using ChromeOS on the Framework laptop. Performance there is great.
Unattended upgrades is for updates in the Linux container. Sometimes it’s used primarily for security updates. The whole thing is so locked down and containerized, I don’t think security updates in the container are as important.
It’s true that Chrome always installed, but you can put whatever icons in your launcher.