Is "Yellow Notes for the Cloud" on Chrome Web Store Safe to Install?

[email protected] · chrome · v2.2.3

YellowNotes provides a way to attach small notices to content of the web. Much like Post-it notes did for paper documents, YellowNotes does for web pages. Stick a note on a web page and it is there when you come back later. Highlight a selection of text; attach a note. When you come back, that section will still be highlighted. These notes can also be shared with others. Copy a note and paste a link to it into an email or chat message. If the recipient also has YellowNotes installed, they will see the yellow note in their browser when they use the link. Notes are not limited to just typed text. You can draw in them, or write by hand using your mouse, finger or stylus. A whole web page can be linked into a note: A YellowNote can display one web page inside another. The note can be set to zoom into a portion of the web page it "carries" in order to display only a selected part. The notes come with a call-home feature. An icon in the upper-right which when clicked takes the user to the location where the note was attached. To the exact same location of the page. And if the note was attached to a highlighted section of text, that section will also be highlighted. A portable bookmark that takes you to the exact location. You can ask someone about a paragraph by highlighting it, write a remark in the note, paste the note in a chat message to them. They open the note and click to get to the location. They can answer back in the same way. Creating a sharing note in this way requires no account with Yellownotes. But you can also subscribe to the notes others have created. With sharing on social media we can certainly provide commentary, but it is not clear what we are talking about. Context has been lost. Yellownotes is for placing notes directly in the context where they are relevant and optionally sharing these notes with friends and subscribers. Two people can have a discussion “directly” on a webpage.
And the word directly is in quotes here because it does not physically take place on the remote web page, in a form such as a commentary field or similar, but rather just between themselves on the YellowNotes for the Cloud infrastructure. The web page in question is simply the visual background. YellowNotes does not require the webpage to even be accessible. This allows YellowNotes to be used to communicate with site visitors even when the site is off-line. It also allows users to design their own community websites using entirely made-up domain names. The most recent feature of YellowNotes for the Cloud is an AI chatbot where you can use your notes, which really are annotations on the content you see, as a learning source. As the basis for the "smarts" of a bot. You can then chat with yourself. And others, if you allow it, can chat with a virtual representation of you. This is currently (Oct-25) in mid-stage development and core features are available to subscribers. We call it Augmented Reality for the Web, AR4W. The product is currently (Feb.26) in beta testing.

Risk Assessment

Analyzed: 53.37 out of 100 (MEDIUM)

37 security findings detected across all analyzers

Chrome extension requesting 13 permissions

Severity Breakdown

  • Critical: 0
  • High: 0
  • Medium: 37
  • Low: 0
  • Info: 0

Finding Categories

  • Network: 36

Requested Permissions

13 permissions

  • cookies (High): Read and modify cookies on all sites
  • webRequest (High): Intercept, modify, and block all network requests
  • activeTab (Medium)
  • tabs (Medium)
  • alarms (Low)
  • contextMenus (Low)
  • declarativeNetRequest (Low)
  • scripting (Low)
  • storage (Low)
  • unlimitedStorage (Low)
  • webNavigation (Low)
  • *://www.yellownotes.cloud/* (Low)
  • clipboardWrite (Low)

Detailed Findings

37 total

AI Security Report

AI Security Review

Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-28. The review verdict is likely false positive with 75% confidence.

Recommended action: suppress false positive.
Risk context: MEDIUM risk, score 53/100.
Evidence context: threat category none; evidence quality moderate.

This extension, 'Yellow Notes for the Cloud' by [email protected], shows 37 medium-severity findings but none indicate malicious behavior. The single manifest finding (MANIFEST-SENSITIVE-PERM-TABS in manifest.json) reflects the 'tabs' permission, which is necessary for a sticky notes extension to associate notes with specific browser tabs. This is standard functionality, not a security concern.

The 36 network findings are all generic NET-FETCH detections across multiple files: background/background.js (lines 1130, 3341, 197, 1582, 2405, 842, 3008), js/on_page_common.js (line 640), js/deployment_type_specific_functions.js (lines 617, 993), and js/copy_app.js (line 116). These findings simply detect fetch() API calls, which are expected for any extension that syncs data to a backend server. Critically, the IoC extractor found zero suspicious domains—the findings do not identify where these fetch calls are directed. Without specific domain evidence, these network findings are indistinguishable from legitimate cloud sync behavior.

No malware signatures, obfuscation, code-smell findings, or suspicious IoCs were detected. The developer attribution (browsersolutions.no email domain) and straightforward extension name/description ('Yellow Stickynotes for The Web') align with expected legitimate publisher patterns.

Counterargument: A skeptic might argue that 36 network findings is excessive and the 10-user count suggests an unvetted extension. However, finding COUNT is not evidence of malice—finding NATURE is. All 36 findings are generic fetch() detections with no specific domain targets. The low user count is irrelevant to security assessment; many legitimate niche extensions have small user bases. The actual evidence (zero malware, zero obfuscation, zero suspicious domains, legitimate developer email) overwhelmingly supports a benign verdict.

The findings are driven by detection patterns that flag normal extension behavior. Without evidence of credential theft, data exfiltration to unknown domains, or deceptive practices, this extension should be treated as a false positive.

Key Reasons

  • Zero malware signatures or obfuscation findings
  • Network findings are generic fetch() calls with no suspicious domains
  • tabs permission is legitimate for sticky notes functionality
  • Developer has identifiable email domain (browsersolutions.no)
  • Extension name and description match expected functionality

False Positive Considerations

  • Generic NET-FETCH detection on legitimate fetch() calls
  • Sensitive permission (tabs) required for sticky notes functionality
  • No specific IoC domains extracted from network findings
  • Low user count does not indicate malice

Frequently Asked Questions