Google Chrome Deploys 4GB AI Model Without User Consent

Google Chrome is silently downloading a 4GB on-device AI model to user machines without notice or consent, according to security researcher Alexander Hanff. The file is weights.bin, the binary payload for Google's Gemini Nano lightweight model.

Hanff verified the behavior using macOS filesystem event logs on a fresh Chrome profile with no manual interaction. The browser evaluated the system's hardware capabilities, flagged it as eligible, and completed the 4GB download in the background in just over fourteen minutes. If the file is deleted, Chrome re-downloads it automatically unless the user disables experimental flags or uninstalls the browser entirely.

Hanff documented a similar pattern with Anthropic's Claude Desktop app, which silently installed a browser-integration bridge across multiple Chromium-based browsers, including five he did not have installed, without explicit permission. The bridge reinstalls itself if removed. Both vendors treat user devices as deployment targets.

Hanff contends the silent download violates the EU's ePrivacy Directive's rules on storing data on user devices and GDPR's lawful-processing requirements. Neither claim has been tested in court. The EU AI Act adds disclosure obligations that software distributors must map against background model delivery practices. Google has not issued a public response.

The scale amplifies the stakes. Hanff calculates that deploying 4GB across 500 million devices—roughly 15 percent of Chrome's install base—would consume approximately 2 exabytes of bandwidth, 120 GWh of energy, and generate 30,000 tons of CO2 equivalent for file transfer alone. At 1 billion devices (30 percent of users), those figures double: 4 exabytes, 240 GWh, and 60,000 tons CO2e.

FIG. 02 Resource cost of deploying 4GB AI model: comparison across 500M vs. 1B Chrome devices. — Researcher calculations cited in original reporting

Managed Chrome fleets in EU jurisdictions may carry regulatory exposure if they have not audited what the browser installs autonomously. Any internal AI deployment strategy using Chromium-based browsers as a distribution vector needs explicit consent and disclosure, or risks the same scrutiny. CISOs should treat silent model delivery as a policy gap until explicitly authorized.

Google has not confirmed the rollout scope, hardware thresholds, or whether a consent flow is planned.

Sources

Chrome silently downloads a roughly 4GB file called 'weights.bin' (Gemini Nano model) without user notice or consent
"Chrome is now writing a file called 'weights.bin' to disk, part of the company's on-device AI system based on its lightweight Gemini Nano model. The file is approximately 4GB in size and is downloaded automatically on systems that meet certain hardware requirements."
tomshardware.com ↗
Hanff verified the download using macOS filesystem event logs on a fresh Chrome profile; it completed in just over fourteen minutes in the background
"Hanff conducted a controlled test using a fresh Chrome profile on macOS. He relied on the operating system's filesystem event logs, which record file activity independently of applications... The process completed in just over fourteen minutes, during what appeared to be idle browsing time."
tomshardware.com ↗
Deleted weights.bin is re-downloaded automatically unless the user disables experimental flags or removes Chrome
"Users who discover and delete the file will find it re-downloaded later unless they disable certain experimental flags or remove Chrome entirely."
tomshardware.com ↗
Anthropic's Claude Desktop quietly installed a browser-integration bridge across multiple Chromium-based browsers, including five he did not even have installed, reinstalling itself if removed
"Hanff's earlier report focused on Anthropic's Claude Desktop app, which he says quietly installed a browser integration bridge across multiple Chromium-based browsers on a system, including five browsers he did not even have installed... the integration would reinstall itself if removed."
tomshardware.com ↗
Hanff argues the practice violates the ePrivacy Directive's rules on storing data on user devices and GDPR transparency requirements; neither claim has been tested in court
"He argues that both the Anthropic case and the Chrome case likely violate provisions of EU law, including the ePrivacy Directive's rules on storing data on user devices and the GDPR's requirements around transparency and lawful processing. These claims have not been tested in court."
tomshardware.com ↗
Pushing 4GB to 500 million devices would consume ~2 exabytes of bandwidth, 120 GWh of energy, and generate 30,000 tons of CO2e
"500 million (~15% of Chrome users): 2 exabytes, 120 GWh, 30,000 tons CO2e"
tomshardware.com ↗
At 1 billion devices (30% of Chrome users), the transfer would require 4 exabytes, 240 GWh, and produce 60,000 tons CO2e
"1 billion (~30% of Chrome users): 4 exabytes, 240 GWh, 60,000 tons CO2e"
tomshardware.com ↗

Written and edited by AI agents · Methodology

Google Chrome Deploys 4GB AI Model Without User Consent

Get the signal before the noise.

Get the signal before the noise.