Chrome's Silent Gemini Nano Install: 4 GB on Your Disk
What Chrome Is Silently Downloading
Security researcher Alexander Hanff disclosed last week that Chrome 147 downloads a ~4 GB file onto user machines without notification, consent, or an opt-in prompt. The file — weights.bin, located inside an OptGuideOnDeviceModel directory in your Chrome profile — contains the weights for Gemini Nano, Google’s on-device language model. Delete it and Chrome re-downloads it automatically on next launch.
The paths to check:
# macOS
~/Library/Application Support/Google/Chrome/OptGuideOnDeviceModel/
# Linux
~/.config/google-chrome/OptGuideOnDeviceModel/
# Windows
%LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel\
Google’s public response: if the device does not have sufficient resources, the model will be uninstalled. That is not a consent mechanism.
Why Google Needs Nano in the Browser
Chrome has been building toward an on-device AI runtime for two years. Gemini Nano powers several browser-native features: contextual writing assistance, tab and page summarization, and — most relevant for developers — the Prompt API currently in Origin Trial.
The Prompt API sits alongside AISummarizer, AIWriter, AIRewriter, and AILanguageDetector as part of Chrome’s built-in AI surface. Web applications targeting Chrome can call these APIs directly from JavaScript with no server round-trip and no inference cost. Having the model pre-loaded on disk makes the first API call effectively zero-latency — compared to several seconds for a cold model download.
This is the correct architectural decision for on-device AI in a browser. The problem is not the goal; it is the execution.
The Consent Problem
Downloading 4 GB to a user’s device without notification is not the same category of action as a silent security patch. Browser auto-updates work because the security rationale is clear, the scope is the browser binary itself, and decades of precedent have set user expectations. An AI model is a novel addition that consumes disk space users may not have to spare — particularly on entry-level machines and Chromebooks with 32–64 GB of eMMC storage.
Hanff explicitly flagged the GDPR implications in his original report. The re-download-on-delete behaviour — a model that reinstalls itself after manual removal — maps uncomfortably onto the definition of persistent unwanted software under EU cybersecurity frameworks, regardless of intent. In jurisdictions under the DMA and GDPR, silent installation that resists user removal is not a grey area.
Enterprise administrators can disable the behaviour via Chrome enterprise policy, but consumer users have no equivalent control available through Chrome’s settings UI. That asymmetry is the core of the complaint.
What Web Developers Should Know
If you are building web applications targeting Chrome, the Prompt API and built-in AI surface are worth prototyping against now. On-device inference with no marginal cost per call changes the economics of text features in the browser — inline summarization, writing assistance, and language detection all become viable at interaction-level frequency.
The correct implementation requires feature detection:
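if ('ai' in self && 'languageModel' in self.ai) {
  // Feature detected: create a session and run one prompt on-device.
  // (await here assumes a module or async function context.)
  const session = await self.ai.languageModel.create();
  const result = await session.prompt('Summarize: ...');
  console.log(result);
}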
Do not assume availability. The model may be absent on low-storage devices, on managed machines where enterprise policy disables it, or in regions where Google has not yet rolled out the download. Progressive enhancement is the only correct architecture.
The consent issue has a direct product implication: if your app calls the Prompt API, users who already object to Gemini Nano being on their machine will not respond well to discovering your app invoked it silently. A brief disclosure before the first inference call is not just good ethics — it is the difference between a feature and a trust incident.
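An added example, not from the original article or from Chrome's documentation, that combines the two points above: detect the API, disclose once before the first inference call, and fall back when the model is missing. The names createSummarizer, askConsent, fallback and fakeChrome are assumptions; the self.ai.languageModel shape is the one used in the snippet above.

```javascript
// Added example (not from the original page). `askConsent` and `fallback`
// are hypothetical app-supplied callbacks; `scope` defaults to the global.
function createSummarizer({ scope = globalThis, askConsent, fallback }) {
  let consent = null; // null = not asked yet, then true/false
  let session = null; // reused after the first successful create()

  const hasApi = () =>
    Boolean(scope.ai && scope.ai.languageModel &&
            typeof scope.ai.languageModel.create === 'function');
  const degrade = async (text, reason) =>
    ({ source: 'fallback', reason, text: await fallback(text) });

  return async function summarize(text) {
    // 1. No built-in AI surface: use the fallback and show no prompt at all.
    if (!hasApi()) return degrade(text, 'api-missing');

    // 2. Disclose once, before the first inference call; remember the answer.
    if (consent === null) consent = Boolean(await askConsent());
    if (!consent) return degrade(text, 'declined');

    // 3. API present does not mean model present: create() or prompt() can
    //    still reject (low storage, policy, no rollout), so degrade on error.
    try {
      if (!session) session = await scope.ai.languageModel.create();
      const out = await session.prompt('Summarize: ' + text);
      return { source: 'on-device', reason: null, text: out };
    } catch (err) {
      session = null; // force a fresh create() on the next attempt
      return degrade(text, 'model-unavailable');
    }
  };
}

// Constructed stand-in for Chrome's API so the example runs outside a browser.
const fakeChrome = {
  ai: { languageModel: { create: async () => ({
    prompt: async (p) => '[on-device] ' + p,
  }) } },
};

// Demo: consent granted, fallback just truncates the text.
createSummarizer({
  scope: fakeChrome,
  askConsent: async () => true,
  fallback: async (t) => t.slice(0, 20),
})('Long article body').then((r) => console.log(r.source, '|', r.text));
```

The reason field lets the app log why a call degraded without ever prompting users whose browser lacks the API.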
What We’re Watching
Google has not committed to a timeline for a consumer-facing opt-out. The Prompt API is moving toward standardization via WICG with Mozilla and Apple involved in the spec process, even if neither has committed to shipping an equivalent on-device model. How that standardization resolves will determine whether Chrome’s pre-load strategy was a reasonable head-start or a liability it has to unwind.
The regulatory dimension will move slowly but will not disappear. Hanff’s disclosure is the kind of documented, specific complaint that EU data protection authorities act on. If Google does not add a consent flow before regulators require one, the remediation will be more disruptive than a settings toggle would have been.
For the products we build, the practical read is this: the Chrome Gemini Nano on-device inference capability is real and worth incorporating into roadmap planning. The consent and disclosure story requires genuine care, not a checkbox. If you are evaluating these APIs for a product you are shipping, talk to us — the tradeoffs are specific to your feature surface and user base, and getting that balance wrong early is expensive to fix.
Sources
- Google Chrome silently installs a 4 GB AI model on your device without consent — That Privacy Guy (Alexander Hanff), May 5 2026
- Google Chrome Might Have Installed an AI Model Onto Your Device Without You Knowing — CNET, May 6 2026
- Google Chrome AI model: Is a 4GB file being downloaded without your permission? — Economic Times, May 6 2026