Changing CFBundleExecutable causes code signing to fail. Once code-signing fails (silently!), access to items in the Keychain is impeded.
This led to problems using x509 client certificates for https, with a mis-leading error message coming out of Chrome.
So, don't do that. Just … run the command manually from the command-line, if you want to enable flags. Is there seriously no way to enable features via the cmdline for apps on MacOS X without breaking things? Really, is it a sign that argv parsing is just so retro Unix and not what the cool kids are doing, real apps don't do that any more? All configuration in-app?
For the time being, the troll will survive without WebGL access.
broken% codesign --verbose -v /Applications/Google\ Chrome.app/
/Applications/Google Chrome.app/: code object is not signed
working% codesign --verbose -v /Applications/Google\ Chrome.app/
/Applications/Google Chrome.app/: a sealed resource is missing or invalid
/Applications/Google Chrome.app/Contents/MacOS/troll-shim: resource added
Many thanks to Ryan Sleevi, of the Chromium team, who debugged this problem caused by Weird Ways Evil People Abuse Their Poor Code.
-The Grumpy Troll, being sheepish, rather than eating sheep