[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Sticky Notes Everywhere | Digital Mercury

Version 1.1 View in Chrome Web Store

Last scanned: about 15 hours ago

Extension Details

Developer: digital-mercury.com

Rating: 2.3 ★ (3 ratings)

Users: 137

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors:

The extension has very limited adoption with only 137 users and a concerning low rating of 2.3 out of 5 stars based on just 3 reviews. This suggests user dissatisfaction and potential functionality or security issues. The developer appears to be associated with digital-mercury.com, but with such low usage numbers, there's insufficient data to establish credibility or reputation.

Concerns:

The most significant concern is the broad content script injection capability across all URLs, which is excessive for a sticky notes application. This permission allows the extension to access and modify any website you visit, including sensitive sites like banking or email platforms. The combination of low user adoption, poor ratings, and overly broad permissions creates a high-risk scenario. The use of Manifest V2 also indicates the extension hasn't been updated to meet current security standards.

Recommendations:

Given the high risk profile, avoid installing this extension. If sticky notes functionality is needed, look for alternatives with better ratings, higher user counts, and more restrictive permissions. Popular sticky notes extensions typically only need storage permissions and don't require access to all websites. If you must use this extension for specific features, run it in a completely separate Chrome profile dedicated only to non-sensitive browsing activities, and never use that profile for banking, shopping, or accessing personal accounts.

Findings

HIGH

Broad Content Script Injection

This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.

MEDIUM

Older Manifest Version

This extension uses Manifest Version 2, which has fewer security restrictions than Manifest V3. Consider using extensions that have upgraded to V3.

Raw Manifest

{
  "name": "Sticky Notes Everywhere | Digital Mercury",
  "icons": {
    "16": "favicon.png",
    "128": "favicon.png"
  },
  "version": "1.1",
  "commands": {
    "_execute_browser_action": {
      "description": "Opens index.html",
      "suggested_key": {
        "mac": "MacCtrl+Shift+F",
        "default": "Ctrl+Shift+F"
      }
    }
  },
  "background": {
    "scripts": [
      "app.js"
    ],
    "persistent": false
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Save and edit sticky notes on any site. 1. Create it | 2. Drag and position it | 3. Save it for the next visit.",
  "browser_action": {
    "default_icon": "./favicon.png",
    "default_popup": "./index.html"
  },
  "content_scripts": [
    {
      "js": [
        "background.js"
      ],
      "matches": [
        "<all_urls>"
      ]
    }
  ],
  "manifest_version": 2
}

by ✦ Astarte

Sticky Notes Everywhere | Digital Mercury

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Embedded URLs (1 total):

Raw Manifest

Detections

Manifest Findings