Google Chrome is reportedly downloading Gemini Nano, a roughly 4 GB local artificial intelligence (AI) model, onto users’ computers without their knowledge or consent.
The discovery was highlighted by privacy blogger Alexander Hanff, in his blog post published on May 4.
The Gemini Nano model supports features such as “Help me write” for text generation, on-device scam detection, and a Summarizer API that websites can access directly.
The file, reportedly identified as weights.bin, is stored in a folder labeled OptGuideOnDeviceModel within Chrome’s user profile directory.
Hanff and other researchers said the model appears to be automatically downloaded when AI features are enabled in Chrome, which they say are turned on by default in recent versions of the browser.
According to reports, even if users manually delete the weights.bin file, Chrome may download it again, reinstalling the model unless AI-related settings or experimental “flags” are disabled.
There are indications Chrome may have been doing this for some time. In April 2025, a Reddit post suggested the model was around 3 GB, while a Stack Overflow thread indicated that by November 2025 it had already grown to 4 GB.
Hanff and others have raised environmental concerns, estimating that if the model were distributed across 1 billion Chrome users (around 30 percent of its user base), the initial downloads alone could consume about 240 gigawatt-hours of electricity and produce roughly 60,000 tons of carbon dioxide equivalent, excluding energy used during actual model execution.
Critics also point to potential cost implications. Malwarebytes noted in its report that a 4 GB background download may be insignificant for users with fast, unlimited internet, but could be costly for those on metered connections and mobile hotspots.
“For rural users or those with bandwidth caps, this kind of silent transfer can blow through monthly limits in minutes,” Malwarebytes said.
Privacy concerns have also been raised.
“All in all, users see a 4GB local AI model and reasonably assume their data stays private, when in reality, the most visible AI feature sends everything to Google’s servers,” Malwarebytes said. “Tech companies need to stop treating silent deployment as acceptable practice. We see no valid excuse for this. Your device is yours. The storage is yours. The bandwidth is yours. And the electricity bill is yours.”
To disable the required flags, users must open Chrome and type chrome://flags into the address bar. In the search box at the top, look for “Optimization Guide On-Device.” In the dropdown next to it, select “Disabled.” This should stop the 4 GB model from downloading in the background.
