For Chrome to be compatible with Azure AD conditional access security policies that check for Hybrid Domain Join, you must install a Browser extension from (here) *or* deploy a registry key from (here).
This is because Chrome does not pass the Hybrid Domain Join status, as shown below:
IE or Edge
Adding the browser extension or registry keys allows a user to use Chrome to access the SSO via conditional access policy.
Otherwise you will get an error “You can’t get there from here”