HBO watch party. If relays a fake costumer support chat if you visit a site like united airlines, that puts you in touch with scammers (probably does other malwary stuff too). A friend almost got scammed by this, they reported it to someone they know who works at Google and a couple months later the extension is still up.

Tbh that is the only actual example I know, but after poking around a bit, ppl who actually know about security say that's the state of things with these extension and app store apps, and nobody at google seems to think fixing it is their job.

Funny thing is, they were asking this google friend for advice about getting rid of the malicious chat before they realized it was this chrome extension. The advice the google employee gave was to format the computer (it wouldn't have fixed it because once they logged into chrome again all the extensions would come back).

Hard sell that people running this clown show could be doing PQC in any meaningful sense (other than publishing papers. The papers are fine).

Sadly you are like the 6th google employee I personally told about this (and it is still up).

It is a pretty random example, but it is meant to say that the math is rarely the limiting factor for security. People spend time thinking about this type of stuff because they like it, not because it is actually important for security.

In my mind RSA is the last instance of a mathematical development changing the game of security. After that it is twists of the same idea on more obscure mathematical objects, and pyrotechnic protocols that only the truly unhinged (ethereum people) are willing to try out in practice.