by j2kun 796 days ago
I'm sure they have thought more about how to prioritize security threats than an anonymous internet commenter.

The fact that you work at Google and did not care to ask what are the extensions just confirms to me nobody there cares.
I’ll bite; what are some of these extensions?
HBO watch party. It relays a fake customer support chat if you visit a site like United Airlines, that puts you in touch with scammers (probably does other malwary stuff too). A friend almost got scammed by this, they reported it to someone they know who works at Google and a couple months later the extension is still up.

Tbh that is the only actual example I know, but after poking around a bit, ppl who actually know about security say that's the state of things with these extensions and app store apps, and nobody at Google seems to think fixing it is their job.

Funny thing is, they were asking this google friend for advice about getting rid of the malicious chat before they realized it was this chrome extension. The advice the google employee gave was to format the computer (it wouldn't have fixed it because once they logged into chrome again all the extensions would come back).

Hard sell that people running this clown show could be doing PQC in any meaningful sense (other than publishing papers. The papers are fine).

There was a previous one removed a few months ago for malware called HBO Max Watch Party. Was that it? If you have a specific extension id I can file a bug on your behalf.

And after reading about the situation internally, I can confirm there are dozens of people working on this problem, and that you have no idea what you're talking about. So please try to be a bit more humble.

Actually never mind, I double checked and it was just HBO watch party (it is still up and has the malware). I appreciate if you can take a look at this.
https://chrome.google.com/webstore/detail/hbo-watch-party/dn...

This is the link to the malicious extension.

It has been removed, along with a dozen others that did similar tricks. I also looked for a prior report and didn't find any for this extension, which suggests to me that the extension has not been reported before. I suggest in the future using the existing malware reporting forms on the Chrome extension store, rather than venting in HN comment threads.
Yes I am checking the link my friend sent me now it it was that one, it is down. Thank you for your interest.
"One person doesn't care, therefore nobody cares"
Sadly you are like the 6th google employee I personally told about this (and it is still up).
Arrogance.
A fitting reply to a total non-sequitur, more like. A huge corp's handling of browser extensions has absolutely zero to do with encryption algorithms, and security is such a big field that "care about security" means nothing at all.

The comment was just a chance to vent anger at Google in an unproductive way.

It is a pretty random example, but it is meant to say that the math is rarely the limiting factor for security. People spend time thinking about this type of stuff because they like it, not because it is actually important for security.

In my mind RSA is the last instance of a mathematical development changing the game of security. After that it is twists of the same idea on more obscure mathematical objects, and pyrotechnic protocols that only the truly unhinged (ethereum people) are willing to try out in practice.