>Do you also audit every part of every car you buy or medicine you take? Or do you rely on large well-established institutions to do that for you?

Cars are under quite strict laws that software isn't. And there is only a small number of car vendors, while there are several orders of magnitude more extension vendors. Also a car vendor is a big company with many audits and controls, an extension "vendor" could just be some guy in his garage office, who just sold it to scammers, even for popular extensions.

And I still wouldn't trust a modern car using subscriptions and code updated.

Also, car companies have a lot at stake and are a clear target. The scammer is hard to even identify, and has no reputation to worry about. Of course in case of a sold extension, the original author of the extension may have a reputation they care about, but only if they're still making other extensions.

“Don’t trust Google” is table stakes for being on the Internet over the past couple decades.

There are no established institutions for checking add-ons. The stores claim doing some checks, but seems enough is slipping through their net. It's also common sense to not buy something critical from a random anonymous source on the internet.

My car can't login to my bank account.

Give it a few years. After all how will Tesla get that $99 every month for your self driving susbscription?

Your car and fellow road users' cars generally have your life, your passengers' lives, and other road users' lives in its hands while in use.

Well, I see how, especially for people who are close to death and want to provide for their loved ones, the answer to "Your money or your life" might lean in the other direction.

My car probably could be hacked to murder me in secret but frankly I'm not worth expending that kind of access on.

The threat model is really very different.

> "Dont trust google" imo is the wrong response here.

Straw man. The argument is that by installing random extensions you trust anonymous developers *because* Google doesn't audit. I'll cite the parent to spare you the effort of reading it again:

> The Chrome Web Store is basically unregulated and Google doesn't care.

Yes, I trust the contents of the medicine I buy at the drug store more than I trust the drug dealer on the corner. That's why they hand out test kits for free at raves.