Google does not provide a direct Link to specific version of Chrome. So as updates are released by Google the signatures will change - even if the URL doesnt.
Please search this forum for further info and i believe an example in Bigfix.me for a method of updating without checking signatures - if you are willing to accept risk of not validating signatures
We also faced the similar kind of issue and it seems that there was some changes on the file level (i.e the actual file was changed or replaced) but the details of the new setup file is not updated on the action script of the task.
What we did was we downloaded the new setup file and created the software distribution task and deployed it on the systems.
With Chrome since the download URL never changes, what we have in place is a scheduled task that runs twice a day that makes a call to the download URL and caches the results. If when we deploy out the official Chrome Fixlet from HCL and find Google has already swapped the binary, we simply copy the correct version from the local Chrome cache folder over to the server’s cache folder and we are good to go. Every so often we will purge the local Chrome cache folder of older releases we have no intention of deploying anymore.