One of the most anticipated projects in the Chia ecosystem right now, by users and developers alike, is a full featured browser extension Chia wallet. The closest we have come so far is Goby Wallet, and today it received a massive update. You can check it out here on the Chrome Web Store.
Right now it is currently at version 0.0.6, so very early alpha, but even so it seems to be working very well. But already the source code for the backend is available as open source so you are free to use it against your own node. The front end is not open right now, but we should be able to determine some basic security architecture from the backend code.
A quick look through the API shows that Goby is using FastAPI to build their back end, which is a pretty reasonable choice for this and is definitely not signing spends on the back end or accepting private keys. It is accepting JSON input from the (closed source) front end which includes a signed spendbundle. That doesn’t mean the cryptography is done well, but its at least done to industry standard architectural practices.
I have some minor concerns about the simple nature of the API connecting to a full node, but that will likely be ironed out in future releases and there are already comments indicating work that needs to be done to secure the RPC connection to the node. This is not a big deal, just shows that even though the product is starting look polished it is still in development.

Now, for how it works. It seems to work pretty well. Its a little hard to tell right now because of the fairly constant dust stormings that are going on, so if there are significant slowdowns or performance issues they are masked by the general performance issues on the main blockchain right now. But I am able to send and receive CATs and add CATs to the wallet from taildatabase.com, a very elegant solution to the CAT spam problem. Also, the regular XCH interactions work fine.

Supposedly there is API integration support for websites that want to use Goby as a metamask-like experience and I am hoping that the system is robust enough to begin using. Many DeFi applications are missing this ease-of-use feature and instead rely on custodial wallets (not really DeFi then) or have complicated payment monitoring systems in place. This will be much easier for people, and that means better adoption in the ecosystem.