Is there a setting to skip the "allow" dialog after every security update of programs like chrome.exe?

I think it makes no sense to ask the user to confirm that he/she still trusts chrome.exe after every security update of said program. As users we have absolutely no means to determine if the update was legitimate. We have no choice but click "yes" each and every time!

I think that NIS/NAV should have built in a list of certificates that are trusted, and just allow executables that are signed with a trusted certificate.

Another way could be to keep a list of SHA256 signatures of the most common executables, and have a frequent update of that list, or check an online symatec database for signatures when longtime installed programs have just been updated.

Is anything similar already implemented? Is there any problems with this idea?