Chrome Is Silently Downloading a 4GB Gemini Nano Model to User Devices, Researcher Documents

Privacy researcher Alexander Hanff has published documented evidence that Google Chrome automatically writes the weights for Gemini Nano, Google's on-device large language model, to user devices without a consent prompt, a notification, or a straightforward way for non-enterprise users to prevent it. If the file is manually deleted, Chrome re-downloads it.

The file is named weights.bin and lives inside a directory called OptGuideOnDeviceModel within the Chrome user profile. On Windows 11, the full path is %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel. The download has been confirmed on Windows 11, Apple Silicon macOS, and Ubuntu. The weights file is approximately 4GB.

Hanff documented the behavior forensically using a Chrome user-data directory he created on April 23, 2026, for an automated 100-site privacy audit. The profile received no human keyboard or mouse input; it was driven entirely through the Chrome DevTools Protocol.

By April 29, the OptGuideOnDeviceModel directory had grown to 4GB. macOS .fseventsd kernel logs placed the directory creation on April 24 at 16:38:54 CEST, one day after the profile was initialized. GoogleUpdater logs show Chrome's on-device model control component arrived via Google's CDN on April 20, three days before the profile was even created.
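
To check a machine for the same artifact, the following added example (not Hanff's tooling and not from the original article) reports the size of the OptGuideOnDeviceModel directory, the location of any weights.bin inside it, and the oldest file modification time. The Windows root follows the path given above; the macOS and Linux roots are Chrome's standard default user-data locations and are assumptions here, as is the recursive search, since the article does not say how deep weights.bin sits.

```python
import os
import sys
import time
from pathlib import Path

MODEL_DIR = "OptGuideOnDeviceModel"  # directory name given in the article
WEIGHTS = "weights.bin"              # file name given in the article


def default_user_data_dirs():
    """Default Chrome user-data roots (assumed; a custom --user-data-dir is not covered)."""
    home = Path.home()
    if sys.platform == "win32":
        base = os.environ.get("LOCALAPPDATA", str(home / "AppData" / "Local"))
        return [Path(base) / "Google" / "Chrome" / "User Data"]
    if sys.platform == "darwin":
        return [home / "Library" / "Application Support" / "Google" / "Chrome"]
    return [home / ".config" / "google-chrome"]


def audit_model_dir(user_data_dir):
    """Return a report for one user-data root, or None if the model directory is absent."""
    root = Path(user_data_dir) / MODEL_DIR
    if not root.is_dir():
        return None
    total, weights, oldest = 0, [], None
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        st = path.stat()
        total += st.st_size
        oldest = st.st_mtime if oldest is None else min(oldest, st.st_mtime)
        if path.name == WEIGHTS:
            weights.append((str(path), st.st_size))
    return {"dir": str(root), "total_bytes": total,
            "weights": weights, "oldest_mtime": oldest}


if __name__ == "__main__":
    for udd in default_user_data_dirs():
        report = audit_model_dir(udd)
        if report is None:
            print(f"{udd}: no {MODEL_DIR} directory")
            continue
        ts = report["oldest_mtime"]
        when = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(ts)) if ts else "n/a"
        print(f"{report['dir']}: {report['total_bytes'] / 2**30:.2f} GiB, oldest mtime {when}")
        for path, size in report["weights"]:
            print(f"  {path} ({size / 2**30:.2f} GiB)")
```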

Gemini Nano powers several Chrome features that are enabled by default in recent versions: a "Help me write" composition assistant, on-device scam and phishing detection, and a Summarizer API accessible to web developers. Google confirmed the setup on record.

A company spokesperson told Gizmodo: "We've offered Gemini Nano for Chrome since 2024 as a lightweight, on-device model. It powers important security capabilities like scam detection and developer APIs without sending your data to the cloud. While this requires some local space on the desktop to run, the model will automatically uninstall if the device is low on resources. In February, we began rolling out the ability for users to easily turn off and remove the model directly in Chrome settings. Once disabled, the model will no longer download or update."

The February toggle exists in Chrome Settings under Generative AI, but Hanff and other researchers note it wasn't present at the time the downloads began and wasn't communicated to users whose devices had already received the file.

For users who want to block the download without the settings toggle, the only persistent options are disabling via chrome://flags or enterprise policy, neither of which is accessible to most consumer users.

Hanff also flags a UI discrepancy that complicates any privacy argument Google might make for the local model. The "AI Mode" pill that appears in the Chrome 147 address bar doesn't use the locally stored Gemini Nano weights. According to Hanff's analysis, it routes queries to Google's cloud servers. The on-device model handles writing assistance and a subset of in-browser features accessed through menus, not the most visible AI entry point in the browser.

Hanff argues the installation constitutes a breach of Article 5(3) of the EU ePrivacy Directive, which restricts storing data on user devices without informed consent, as well as GDPR Articles 5(1) and 25, which require lawful processing and data protection by design. Those claims are his professional assessment; no regulatory body has opened a formal investigation as of publication.

The behavior parallels a case Hanff documented in April involving Anthropic's Claude Desktop, which he found silently registering a Native Messaging bridge across seven Chromium-based browsers on machines where it was installed, without disclosure, and reinstalling the bridge if it was removed.

Chrome holds roughly 65% of the global browser market, with an estimated 3.3 billion active users. Hanff's estimate puts the environmental cost of pushing a 4GB model to eligible devices at between 6,000 and 60,000 tonnes of CO2-equivalent, depending on how much of the user base received the download.