Chrome silently installs 4GB Gemini Nano
- Google Chrome users discovered version 147 writing a local Gemini Nano model file called `weights.bin` into Chrome profile folders without any consent prompt.
- The file is roughly 4 GB, can keep downloading in the background, and may return after deletion if Chrome re-triggers model setup.
- The fight is really about consent and control — not whether on-device AI is useful.

Chrome is turning into an AI runtime, and that matters more than the 4 GB number. The immediate story is simple — users and researchers noticed Chrome 147 placing a large Gemini Nano model file on local machines with no obvious opt-in flow. But the real issue is that Google’s own Chrome AI docs already describe a system built to download, update, and even resume these model transfers automatically in the background. (developer.chrome.com)

### What exactly got installed?

The file people are finding is usually called `weights.bin`, inside Chrome’s `OptGuideOnDeviceModel` area. It appears to be the local model payload for Gemini Nano, the on-device model Chrome uses for built-in AI features. Multiple reports tie the current flare-up (developer.chrome.com)al Gemini Nano models for a while. (malwarebytes.com)

### Is Chrome really doing this silently?

Basically, yes, in the sense users care about. Chrome’s model-management docs say downloads can happen “automatically in the background,” can continue if a tab closes, and can resume after restart. The docs also say the first call to a buil(malwarebytes.com)er a fresh profile starts if scam detection is active. That is not the same thing as a clean, explicit “Do you want a 4 GB model on this device?” prompt. (developer.chrome.com)

### Why is the file so big?

Because this is not a tiny helper component. Chrome’s developer docs say Gemini Nano runs locally on desktops and laptops, and that supported systems need at least 22 GB of free space on the volume containing the Chrome profile. Google also says the exact model size can (developer.chrome.com)rdware. So 4 GB is plausible, even if not every machine gets the exact same payload. (developer.chrome.com)

### What is Chrome using it for?

Three buckets. Writing tools like “Help me write.” Web-facing built-in AI APIs such as summarizing, writing, rewriting, and prompting. And scam detection inside Chrome’s security stack. Google rolled out Gemini Nano-backed scam detection for Chrome desktop in 2025, and Chrome’s AI docs make clear that model downloads can be tied to those built-in features. (malwarebytes.com)

### Does this mean Google is sending your data out?

Not necessarily. The twist is that local inference can be better for privacy than cloud inference, because the model runs on your machine. Google’s docs explicitly pitch built-in AI that way and say no data is sent to Google or thir(malwarebytes.com)surprise installation, and enterprise governance are separate issues — and those are the ones driving the backlash. (developer.chrome.com)

### Why are security teams paying attention?

Because the browser is no longer just a page renderer. It is becoming a managed execution point with its own local model, update logic, feature triggers, and policy surface. If Chrome can silently place and refresh model artifacts, endpoint, DLP, and software-governance teams ne(developer.chrome.com)es the same scrutiny companies already give agents, plugins, and local inference tools. That’s the bigger shift here. (developer.chrome.com)

### Can users stop it?

There does not seem to be a simple consumer-facing master prompt that prevents the behavior before it starts. Reports say deleting the file may not stick, because Chrome can download it again when model setup is retriggered. Chrome does expose internal pages like `chrome://on(developer.chrome.com)witch. (developer.chrome.com)

### So what’s the bottom line?

This is less “Chrome secretly added spyware” and more “Chrome quietly crossed into shipping a local AI platform.” That can be useful. It can even be more private in some cases. But if a browser is going to claim 4 GB of disk, keep downloading in the background, and re(developer.chrome.com)now, that’s the part people think Google got wrong. (developer.chrome.com)
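
For the endpoint and software-governance angle above, here is an added example (not from the article or from Google) of an inventory check that finds `weights.bin` under any `OptGuideOnDeviceModel` directory and compares two scans to show whether the payload appeared, was re-downloaded, or was removed. The directory and file names come from the article; the function names and the idea of passing the Chrome user data directory as an argument are assumptions of this sketch.

```python
import os
import sys
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"  # directory name reported in the article
MODEL_FILE = "weights.bin"           # file name reported in the article

def scan(root):
    """Map each weights.bin found under an OptGuideOnDeviceModel directory
    below root to (size_bytes, mtime_seconds)."""
    inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        inside_model_dir = MODEL_DIR in Path(dirpath).relative_to(root).parts
        if inside_model_dir and MODEL_FILE in files:
            path = Path(dirpath) / MODEL_FILE
            st = path.stat()
            inventory[str(path)] = (st.st_size, int(st.st_mtime))
    return inventory

def compare(before, after):
    """Return (event, path, size) tuples describing how the model payload
    changed between two scans: appeared, changed (re-download/update), removed."""
    events = []
    for path, meta in sorted(after.items()):
        if path not in before:
            events.append(("appeared", path, meta[0]))
        elif before[path] != meta:
            events.append(("changed", path, meta[0]))
    for path in sorted(before.keys() - after.keys()):
        events.append(("removed", path, before[path][0]))
    return events

if __name__ == "__main__":
    # Usage: python script.py <chrome-user-data-dir> [more dirs...]
    for root in sys.argv[1:]:
        for path, (size, mtime) in sorted(scan(root).items()):
            print(f"{path}\t{size / 2**30:.2f} GiB\tmtime={mtime}")
```

Storing each scan's result and feeding consecutive scans to `compare` turns the "file came back after deletion" reports into a dated record per machine.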