The idea that the consumer is no worse off when updates stop is fatuous at best. A Chromebook is by definition designed to work fully only when connected to the internet, which today is a very hostile environment. Patches are *required* to keep a Chromebook working correctly in that environment, and withdrawing that support at some unspecified point in the future gives it a variable useful lifetime.
When patches stop, that device becomes fundamentally less useful because it will start to exhibit failures related to the environment for which it is designed. Yes, you can install another OS on it, but that changes the nature of the device into something like every other laptop, prone to viruses etc - which it is sold as being a secure alternative to.
Of course, the support is provided by Google and the hardware by ASUS or whoever, and consumer law won’t help you because the retailer and manufacturer is fundamentally not involved in that.
I too think it’s revolting that hardware cycles encourage such wastefulness, but I think even regulations are unlikely to make the situation any better. Mandating that devices have software support for 10 years from date of purchase will just lead to the industry sidestepping their obligations, like delegating support to a subsidiary they can just shut down, delaying patches indefinitely, or deciding that vulnerabilities don’t necessitate patches.