Chrome downloads 4GB Gemini Nano model to user profiles
Chrome downloaded a 4GB Gemini Nano model (weights.bin) into profiles on qualifying devices, reinstalling it if removed and doing so without an opt-in prompt.
Security researcher Alexander Hanff, who posts as ThatPrivacyGuy, reported that recent Chrome releases automatically download a 4GB on-device model named Gemini Nano into user Chrome profiles when devices meet certain hardware requirements. The model file appears as weights.bin inside an OptGuideOnDeviceModel folder within Chrome profile directories.
Hanff reported that the download is triggered by Chrome’s internal hardware checks and that removing weights.bin leads Chrome to download the file again. The installation occurs without an opt-in prompt or a visible notification to users.
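An added example (not from Hanff's report or from Google) for checking a machine for the file described above: it walks a Chrome user-data directory and lists every weights.bin found under an OptGuideOnDeviceModel folder, with its size and modification time. The default search roots are assumed standard Chrome locations, and the function names are illustrative.

```python
import os
import sys
import time
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"   # folder name given in the report
MODEL_FILE = "weights.bin"            # file name given in the report

def default_roots():
    """Usual Chrome user-data locations (assumed defaults; adjust per fleet)."""
    home = Path.home()
    roots = [home / ".config/google-chrome",
             home / "Library/Application Support/Google/Chrome"]
    local = os.environ.get("LOCALAPPDATA")
    if local:
        roots.append(Path(local) / "Google/Chrome/User Data")
    return [r for r in roots if r.is_dir()]

def find_model_files(root):
    """Return [(path, size_bytes, mtime)] for weights.bin below any OptGuideOnDeviceModel dir."""
    hits = []
    # followlinks=False avoids symlink loops; unreadable directories are skipped
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False,
                                             onerror=lambda err: None):
        if MODEL_FILE in filenames and MODEL_DIR in Path(dirpath).parts:
            path = Path(dirpath) / MODEL_FILE
            try:
                st = path.lstat()
            except OSError:
                continue  # removed or locked between listing and stat
            hits.append((str(path), st.st_size, st.st_mtime))
    return hits

def report(roots):
    """Format one line per model file: size, last-modified time, path."""
    lines = []
    for root in roots:
        for path, size, mtime in find_model_files(root):
            stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime))
            lines.append(f"{size / 2**30:.2f} GiB  modified {stamp}  {path}")
    return lines

if __name__ == "__main__":
    roots = [Path(a) for a in sys.argv[1:]] or default_roots()
    for line in report(roots):
        print(line)
```

Running it again after deleting the file shows, through a new modification time, whether the file has been recreated.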
Google uses Gemini Nano as an on-device model to power features such as the browser’s “Help me write” text composition aid, on-device scam detection, and a Summarizer API that websites can call. Hanff’s analysis indicates that Chrome’s prominent AI Mode in the address bar does not use the local model; queries for that feature are routed to Google’s cloud servers.
The automatic download can affect users with limited or metered internet access. A 4GB file can consume significant data on mobile hotspots, capped broadband plans, or in regions with high bandwidth costs. Hanff estimated that distributing the model to about 1 billion users would use roughly 240 gigawatt-hours of energy and generate about 60,000 tons of CO2 equivalent for the downloads alone.
Hanff also raised potential legal concerns under European rules, arguing that unsolicited installation could conflict with the ePrivacy Directive’s provisions on storing data on user devices and with GDPR requirements on transparency and lawful processing. Those legal claims have not been tested in court.
Hanff previously documented a separate incident in which Anthropic’s Claude Desktop app added browser integration files across multiple Chromium browsers and recreated removed files without clear user disclosure. He described both discoveries as instances of software placing files on systems without explicit consent.
Google has argued that on-device models can keep data local and enhance privacy. In the example Hanff examined, the visible AI feature in Chrome continues to send queries to Google servers while a local model file is present on devices.



