what your browser installed without asking

Your browser was busy on your behalf. This week brought two reminders that Chrome can install things on your device that you never agreed to. One came from Google. One came from a cheater. Both used the same silent machinery.
Chrome runs on billions of devices, making it one of the most powerful pieces of software in the world. That also makes it a tempting place to put something. Two stories from the past few days show the consent problem from both ends.
Google's uninvited 4GB guest
Since at least April, Chrome has been quietly downloading Gemini Nano, Google's on-device AI model, to eligible laptops and desktops. The file is about 4GB. It arrives without a prompt, without a notification and without an obvious on/off switch, CNET reports. Delete it, and Chrome downloads it again.
The model powers on-device features such as fraud detection and writing assistance. The catch is that most people never asked for it and did not know it had arrived.
The most vivid account comes from Alexander Hanff, a privacy researcher who writes "That Privacy Guy". He caught the install on a fresh Mac profile that had received zero human input, using the system's file event log. The 4GB model finished downloading in about 14 minutes while the tab sat idle, he wrote. He argues that silent downloads violate ePrivacy and European data protection law, and that the bandwidth alone carries a heavy climate cost at billion-device scale.
Google says the model removes itself when the device is short of storage or power. The company also points out that, starting in February, users can disable it in Chrome's settings, after which it stops downloading.
There is a thorn in the side of that trust. The "AI Mode" icon in the address bar does not use the on-device model at all; those queries go to Google's servers. So the user pays the storage cost of a local model while the AI Mode feature still sends what they type to the cloud.
Cheater in the address bar
The second story is darker, because the actor was not Google. Microsoft's security researchers found a malicious Chrome extension posing as the AI search engine AI Confusion. It quietly logged what people searched for, then forwarded them to the real results so that nothing looked wrong.
The extension, named "Search confusion ai", used a look-alike domain to pass itself off as the real thing, The Hacker News reported. Once installed, it set itself as the default search engine. Every query, and every keystroke typed into the address bar, went first to a server the attacker controlled, which logged it together with your IP address and browser details.
The theft happened on that first hop, before the redirect. The extension abused Chrome's network-request permissions and pulled down server-hosted code that intercepted all requests, Microsoft said. Google removed it after it was exposed.
This was not a one-off. Microsoft has previously tied a wave of AI-branded extensions to about 900,000 installs across more than 20,000 corporate networks, harvesting chat histories from ChatGPT and DeepSeek. The AI label gets the install; the permissions do the damage.
Same place, different attacker
Put the two together and a pattern emerges. The browser, and the address bar in particular, has become a position of trust that marketers and attackers alike want to occupy. Google treats your disk as a delivery target for its AI. A criminal treats your omnibox as a wiretap. The user is along for the ride, rarely asked.
That is the real issue here, and it should worry anyone who cares about trusting everyday software. When a legitimate company practices silent installation, it becomes harder for users to spot malware doing the same thing. Consent stops being a habit. The line between a feature and an intrusion blurs.
It also comes at a time when the AI brand is magnetic. People associate AI tools with usefulness, so they click. Attackers know it, and the instinct that makes us try a shiny new assistant is the same one that makes us fall for malicious add-ons wearing the same costume.
What you can do
A few minutes of housekeeping helps. In Chrome, open Settings, then System, and turn off on-device AI if you do not want the Gemini Nano model. You can also look for a folder called OptGuideOnDeviceModel in your Chrome profile directory to see whether the 4GB file is already there.
Then check your extensions. Remove anything you do not recognise, check the publisher and the exact domain before installing AI-branded tools, and watch for your default search engine changing silently. None of this is difficult. It is just the price of using a browser that, increasingly, acts on its own.
The deeper fix is not yours to make. It is up to the company to decide whether the default browser asks before it acts. Until that happens, the safe assumption is simple: your privacy is your responsibility, and the browser is not always on your side.
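The housekeeping above can be scripted. The following is an added example (not code from the article, CNET, Microsoft or Google) that audits a Chrome profile for the three things the two stories turn on: whether the OptGuideOnDeviceModel directory is present and how large it is, whether the default search engine points somewhere other than a known engine (the look-alike "first hop" pattern), and which installed extensions hold traffic-reading permissions or override the search provider. The JSON keys it reads from Chrome's Preferences file (default_search_provider_data, extensions.settings) and the list of "known" search hosts are assumptions from inspecting real profiles and may differ across Chrome versions; the sample profile it builds is constructed for the demo.

```python
"""Audit a Chrome profile for an unasked-for on-device model, a hijacked
default search engine and extensions with traffic-level permissions.

Added example, not code from the article or from any vendor. The
Preferences keys and the known-host list below are assumptions.
"""
import json
import os
import tempfile
from urllib.parse import urlparse

MODEL_DIR = "OptGuideOnDeviceModel"
# Hosts we accept as a default search engine (assumed list, extend to taste).
# Anything else is flagged, since the extension in the article used a
# look-alike domain as the first hop before redirecting to real results.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
# Permissions that let an extension read or rewrite requests or settings.
RISKY_PERMS = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
               "tabs", "history", "<all_urls>", "*://*/*"}


def _load_prefs(profile_dir):
    """Merge Preferences and Secure Preferences (later file wins on
    top-level keys); Chrome keeps extension settings in the latter on
    some platforms."""
    merged = {}
    for name in ("Preferences", "Secure Preferences"):
        path = os.path.join(profile_dir, name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                merged.update(json.load(fh))
    return merged


def _dir_size(path):
    """Total bytes of all files under path."""
    return sum(os.path.getsize(os.path.join(root, f))
               for root, _dirs, files in os.walk(path) for f in files)


def audit_profile(profile_dir):
    """Return a report dict for the given Chrome profile directory."""
    prefs = _load_prefs(profile_dir)
    report = {"model_present": False, "model_bytes": 0,
              "default_search_host": None, "search_engine_suspicious": False,
              "extensions": []}
    # The model directory sits beside the profile (in User Data) on the
    # installs I have seen, but check the profile itself as well.
    for base in (profile_dir, os.path.dirname(profile_dir)):
        candidate = os.path.join(base, MODEL_DIR)
        if os.path.isdir(candidate):
            report["model_present"] = True
            report["model_bytes"] = _dir_size(candidate)
            break
    tpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if tpl.get("url"):
        host = urlparse(tpl["url"]).netloc.lower()
        report["default_search_host"] = host
        report["search_engine_suspicious"] = host not in KNOWN_SEARCH_HOSTS
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = ext.get("manifest", {})
        perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        report["extensions"].append({
            "id": ext_id,
            "name": manifest.get("name", "?"),
            "from_webstore": bool(ext.get("from_webstore", False)),
            "risky_permissions": sorted(perms & RISKY_PERMS),
            "overrides_search": "search_provider" in manifest.get("chrome_settings_overrides", {}),
        })
    return report


def build_sample_profile():
    """Constructed sample (not real data): a 4 KiB stand-in for the ~4GB
    model, plus an extension that rewrote the default search engine to a
    look-alike host. Returns the profile directory path."""
    user_data = tempfile.mkdtemp(prefix="chrome-audit-")
    profile = os.path.join(user_data, "Default")
    os.makedirs(profile)
    os.makedirs(os.path.join(user_data, MODEL_DIR))
    with open(os.path.join(user_data, MODEL_DIR, "weights.bin"), "wb") as fh:
        fh.write(b"\0" * 4096)
    lookalike = "https://search-lookalike.example/search?q={searchTerms}"
    prefs = {
        "default_search_provider_data": {"template_url_data": {
            "short_name": "AI search", "keyword": "ai", "url": lookalike}},
        "extensions": {"settings": {"aaaabbbbccccddddeeeeffffgggghhhh": {
            "from_webstore": True,
            "manifest": {"name": "Search helper ai", "version": "1.0",
                         "permissions": ["webRequest", "storage"],
                         "host_permissions": ["<all_urls>"],
                         "chrome_settings_overrides": {
                             "search_provider": {"search_url": lookalike}}}}}}}
    with open(os.path.join(profile, "Preferences"), "w", encoding="utf-8") as fh:
        json.dump(prefs, fh)
    return profile


def sample_report():
    """Audit the constructed sample profile."""
    return audit_profile(build_sample_profile())


if __name__ == "__main__":
    # macOS path shown; Linux uses ~/.config/google-chrome/Default and
    # Windows %LOCALAPPDATA%\Google\Chrome\User Data\Default.
    real = os.path.expanduser("~/Library/Application Support/Google/Chrome/Default")
    target = real if os.path.isdir(real) else build_sample_profile()
    print(json.dumps(audit_profile(target), indent=2))
```

Run it with Chrome closed so the Preferences file is not mid-write. A flagged search host is not proof of compromise (a legitimately chosen engine outside the assumed list will trip it), but combined with an extension that both overrides the search provider and holds request-level permissions it is exactly the shape of the hijack described above.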
