The world's most popular browser is facing scrutiny over its consent mechanisms. Recent reports describe Google Chrome silently installing a multi-gigabyte software component on users' machines, while a malicious extension that impersonated a well-known AI search engine reached users through Chrome's extension ecosystem and harvested what they typed into the address bar. The two cases differ in who is behind them, but in both the browser acted as a distribution channel that the user neither saw nor approved.

The 4GB Uninvited Guest: Gemini Nano

As detailed by TNW Neural, Google has been quietly pushing Gemini Nano, its on-device AI model, to eligible laptops and desktops. The installation involves a file of approximately 4GB that arrives without any notification or opt-in prompt.

Privacy researcher Alexander Hanff tracked the installation on a fresh Mac profile, noting that the model unpacked itself in roughly 14 minutes while the browser sat idle. Anyone who wants to confirm whether the model is present on their own machine can look for the Optimization Guide On Device Model entry on chrome://components, the page where Chrome lists components it updates in the background. Google says the model is removed if system resources run low and that it can be disabled in settings, but an opt-out that is only discoverable after a 4GB download has already completed does nothing about the bandwidth consumed. Critics argue that the silent push may violate European data protection rules and carries a significant environmental cost once that download is multiplied across a billion devices.

Cloud Paradox and a Malicious Extension

There is also a discrepancy in how the model is used. Despite the local model's presence, the "AI Mode" pill in the address bar does not use Gemini Nano; those queries are routed to Google's servers. Users therefore pay the local storage cost while their queries still leave the machine.

A separate incident shows what a third party can do with the same address bar once an extension is installed. Microsoft threat researchers discovered a malicious extension masquerading as the Perplexity AI search engine. Once installed, it captured everything typed into the address bar and sent it, together with the user's IP address and browser details, to attacker-controlled servers, then redirected the user to legitimate results so that nothing looked wrong. Google removed the extension after disclosure. The practical lesson is that an extension which replaces the default search provider, or which holds host permissions for every site, receives address-bar queries by design, so the permissions a lookalike extension requests at install time are the first thing to check.
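As an added example that is not code from the article, from Microsoft, or from Google, the following Node.js script triages Chrome extension manifests for the capabilities a rogue search extension of the kind described above needs: a default-search-provider override (which receives every address-bar query, and, via suggest_url, partial input as it is typed), broad host access, and request-observation permissions. The manifest keys it reads are standard Chrome extension manifest keys; the weights, thresholds, and the two sample manifests at the bottom are this example's own constructions, and the lookalike manifest is invented for illustration rather than recovered from the real extension.

```javascript
// Extension-manifest triage: flag the permissions that let an extension
// observe address-bar input or rewrite navigations. Weights/thresholds are
// this example's own assumptions, not a Chrome or Microsoft scoring scheme.

// Permissions that let an extension watch what the user types or where they go.
const RISKY_PERMISSIONS = {
  webRequest: [2, "observe every HTTP request the browser makes"],
  webRequestBlocking: [3, "block or rewrite requests in flight (MV2)"],
  declarativeNetRequest: [2, "redirect or rewrite requests by rule"],
  declarativeNetRequestWithHostAccess: [2, "redirect or rewrite requests on granted hosts"],
  webNavigation: [2, "observe every navigation, including typed URLs"],
  tabs: [1, "read the URL and title of every open tab"],
  history: [1, "read the full browsing history"],
};

// Host patterns that amount to "every site" (<all_urls>, *://*/*, https://*/*, ...).
function isBroadHostPattern(pattern) {
  return pattern === "<all_urls>" || /^(\*|https?):\/\/\*\//.test(pattern);
}

// Score one parsed manifest.json and explain each point awarded.
function auditManifest(manifest) {
  const findings = [];
  let score = 0;
  const declared = [...(manifest.permissions ?? []), ...(manifest.optional_permissions ?? [])];

  for (const p of declared) {
    if (p in RISKY_PERMISSIONS) {
      const [weight, why] = RISKY_PERMISSIONS[p];
      score += weight;
      findings.push(`permission "${p}": ${why}`);
    }
  }

  // MV2 lists host patterns under "permissions"; MV3 moves them to "host_permissions".
  const hosts = [...declared, ...(manifest.host_permissions ?? [])].filter(isBroadHostPattern);
  if (hosts.length) {
    score += 3;
    findings.push(`broad host access (${hosts.join(", ")}): can read and modify every page`);
  }

  // A default-search override receives every address-bar query; suggest_url
  // receives the partial query on each keystroke, before the user presses Enter.
  const sp = manifest.chrome_settings_overrides?.search_provider;
  if (sp) {
    score += 3;
    findings.push(`overrides the default search provider with ${sp.search_url}`);
    if (sp.suggest_url) {
      score += 2;
      findings.push(`suggest_url ${sp.suggest_url} sees the address bar as the user types`);
    }
  }

  if (manifest.omnibox?.keyword) {
    score += 1;
    findings.push(`omnibox keyword "${manifest.omnibox.keyword}": receives input typed after the keyword`);
  }

  const csMatches = (manifest.content_scripts ?? []).flatMap((c) => c.matches ?? []).filter(isBroadHostPattern);
  if (csMatches.length) {
    score += 2;
    findings.push(`content scripts injected on ${csMatches.join(", ")}`);
  }

  const risk = score >= 6 ? "high" : score >= 2 ? "medium" : "low";
  // Note: name may be an i18n placeholder like "__MSG_appName__" in real manifests.
  return { name: manifest.name, version: manifest.version, score, risk, findings };
}

// Walk a Chrome profile's Extensions directory: <profile>/Extensions/<id>/<version>/manifest.json.
function auditExtensionsDir(dir) {
  const fs = require("node:fs");
  const path = require("node:path");
  const results = [];
  for (const id of fs.readdirSync(dir)) {
    const idDir = path.join(dir, id);
    if (!fs.statSync(idDir).isDirectory()) continue;
    for (const ver of fs.readdirSync(idDir)) {
      const mf = path.join(idDir, ver, "manifest.json");
      if (!fs.existsSync(mf)) continue;
      results.push({ id, ...auditManifest(JSON.parse(fs.readFileSync(mf, "utf8"))) });
    }
  }
  return results.sort((a, b) => b.score - a.score);
}

// Constructed sample manifests (not real extensions): a harmless notes tool and a
// search-engine lookalike wired to an attacker-controlled domain.
const CONSTRUCTED_MANIFESTS = {
  notes: { name: "Quick Notes", version: "1.0", manifest_version: 3, permissions: ["storage"] },
  rogueSearch: {
    name: "Perplexity AI Search", // invented lookalike name for the example
    version: "2.1.0",
    manifest_version: 3,
    permissions: ["tabs", "webRequest"],
    host_permissions: ["<all_urls>"],
    chrome_settings_overrides: {
      search_provider: {
        name: "Perplexity",
        keyword: "pplx",
        search_url: "https://search.example.invalid/s?q={searchTerms}",
        suggest_url: "https://search.example.invalid/suggest?q={searchTerms}",
        favicon_url: "https://search.example.invalid/favicon.ico",
        encoding: "UTF-8",
        is_default: true,
      },
    },
  },
};

// Usage: node audit.js [path/to/Chrome/Default/Extensions]; with no path, scores the samples.
if (typeof require !== "undefined" && require.main === module) {
  const target = process.argv[2];
  const rows = target ? auditExtensionsDir(target) : Object.values(CONSTRUCTED_MANIFESTS).map(auditManifest);
  for (const r of rows) {
    console.log(`[${r.risk}] ${r.name} ${r.version} (score ${r.score})`);
    for (const f of r.findings) console.log(`  - ${f}`);
  }
}
```

Run against a real profile directory, the script lists the highest-scoring extensions first; a search-provider override plus host access for every site is the combination that deserves a manual look, since it is exactly what a query-harvesting lookalike needs and what a genuine note-taking or theming extension never does.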

The Future of Browser Trust

These incidents highlight a systemic issue in how Chrome manages components and extensions. The mechanisms differ, a Google-controlled component update in one case and a third-party extension in the other, but in both the user never saw what was being installed or what it would do with their data. As Google races to integrate AI deeply into the browser to maintain its competitive edge, the line between a seamless update and an unauthorized installation is blurring, leaving users exposed to both corporate overreach and targeted attacks.