Google Chrome Silently Downloads 4 GB Gemini Nano AI Model File to Users’ PCs
What Happened – Chrome began automatically downloading a ~4 GB weights.bin file into the user‑data folder of many Windows PCs. The file contains the on‑device large‑language‑model (LLM) weights for Google’s Gemini Nano AI feature and is re‑downloaded if deleted.
Why It Matters for TPRM –
- Unexpected large files can exhaust endpoint storage, affecting performance and cost.
- On‑device AI models process user data locally, raising questions about data residency and privacy controls.
- Lack of clear user consent or notification may breach internal policies or regulatory expectations for transparency.
Who Is Affected – Enterprises that allow Chrome on employee workstations, especially those with limited disk space or strict data‑handling policies (e.g., finance, healthcare, government).
Recommended Actions –
- Audit Chrome policies across the organization; verify whether the “on‑device AI” setting is enabled.
- Communicate the storage impact to end‑users and provide guidance on disabling the feature if unnecessary.
- Update endpoint monitoring to flag large, auto‑created files in user profiles.
- Review vendor‑risk questionnaires for Google Chrome to include questions on on‑device AI data handling.
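The endpoint-monitoring action above can be prototyped as follows. This is an added example, not code from the source article or from Google; the function names, the 1 GiB default threshold and the snapshot comparison are assumptions chosen for illustration, and the profile root is supplied by the operator.

```python
import os
import stat
import sys
from dataclasses import dataclass

GIB = 1024 ** 3  # assumed default threshold; tune to your storage policy

@dataclass(frozen=True)
class Finding:
    path: str
    size_bytes: int
    mtime: float  # last-modified time, seconds since the epoch

def scan_large_files(root, min_bytes=GIB, names=None):
    """Return regular files under root that are at least min_bytes, largest first.

    names: optional set of lower-case file names to restrict the scan to,
    e.g. {"weights.bin"}; None flags any file over the threshold.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if names is not None and name.lower() not in names:
                continue
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)  # lstat: do not follow symlinks out of the profile
            except OSError:
                continue  # file vanished or is inaccessible; skip it
            if stat.S_ISREG(st.st_mode) and st.st_size >= min_bytes:
                findings.append(Finding(full, st.st_size, st.st_mtime))
    return sorted(findings, key=lambda f: f.size_bytes, reverse=True)

def new_since(previous, current):
    """Findings in current that are absent from previous or modified since then.

    A path that reappears with a newer mtime is what a re-download after
    deletion looks like between two scheduled scans.
    """
    seen = {f.path: f.mtime for f in previous}
    return [f for f in current if f.path not in seen or f.mtime > seen[f.path]]

if __name__ == "__main__":
    # Usage: python scan.py <user-data-root>; the root is supplied by the operator.
    for f in scan_large_files(sys.argv[1], names={"weights.bin"}):
        print(f"{f.size_bytes / GIB:6.2f} GiB  {f.path}")
```

Run it on a schedule, keep the previous result, and alert on the output of `new_since` so that a file that returns after cleanup is reported rather than silently tolerated.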
Technical Notes – The file is a binary weight matrix for Gemini Nano, downloaded via Chrome’s background update mechanism when the “Enable on‑device AI” flag is set. No CVE or exploit is involved; the download is benign but persistent.
Source: ZDNet article