Chrome silently downloads Gemini Nano AI model while malicious extension impersonates Perplexity

At a glance:

  • Chrome has been quietly downloading Google's 4GB Gemini Nano AI model to eligible devices without user notification or consent.
  • A malicious Chrome extension mimicking Perplexity AI logged user searches and sent data to attacker-controlled servers.
  • Users are advised to disable on-device AI in Chrome settings and audit their installed extensions.

Google's silent Gemini Nano installation

Since at least April, Chrome has been silently downloading Gemini Nano, Google's on-device AI model, onto eligible laptops and desktops. The 4GB file arrives with no prompt, no notification, and no obvious off switch, according to CNET. Delete it, and Chrome fetches it again.

The model powers on-device features such as scam detection and writing help. However, most users never asked for it and were unaware it had been installed. Privacy researcher Alexander Hanff, writing as "That Privacy Guy," documented the install on a fresh Mac profile using the system's file-event log. The 4GB model unpacked itself in about 14 minutes while a tab sat idle.

Hanff argues the silent push breaches Europe's ePrivacy and data-protection rules, and that the bandwidth alone carries a heavy climate cost at billion-device scale. Google claims the model removes itself if a device runs short on space or power, and since February, users can turn it off in Chrome settings.

There is a twist that muddies the trust further. The visible "AI Mode" pill in the address bar does not use the on-device model at all. Those queries go to Google's servers. So the user pays the storage cost of a local model, while the headline AI feature still sends typing to the cloud.

The malicious Perplexity extension

The second story involves a malicious Chrome extension that posed as the AI search engine Perplexity. Microsoft's threat researchers discovered the extension, called "Search for perplexity ai," which used a look-alike domain to pass for the real thing.

Once installed, it set itself as the default search engine. Every query, and every character typed into the address bar, went first to an attacker-controlled server, which logged it together with the user's IP address and browser details before passing the request on. The theft happened on that first hop, before the redirect, so the user still ended up at a working search page and saw nothing wrong. The extension used Chrome's network-rule permissions to pull this off.

Google removed the extension after the disclosure. This was not a one-off incident. Microsoft earlier tied a wave of AI-branded extensions to roughly 900,000 installs across more than 20,000 company networks, harvesting ChatGPT and DeepSeek chat histories. The AI label gets the install. The permissions do the damage.

The trust problem with browsers

Putting the two incidents together reveals a pattern. The browser, and the address bar in particular, has become a trust surface that both vendors and attackers want to occupy. Google treats your disk as a delivery target for its own AI. A criminal treats your omnibox as a wiretap.

Users are rarely asked for consent. When a legitimate company normalizes silent installs, it gets harder for users to spot malware doing something similar. Consent stops being a habit. The line between a feature and an intrusion blurs.

It also lands at a moment when AI branding is a magnet. People associate AI tools with usefulness, so they click. Attackers know it, and the same instinct that makes us try a shiny new assistant makes us wave through malicious apps wearing the same costume.

What users can do

A few minutes of housekeeping helps. In Chrome, open Settings, then System, and turn off on-device AI if you do not want the Gemini Nano model. You can also look for a folder named OptGuideOnDeviceModel in Chrome's user data directory (the folder that holds your profile directories) to see whether the 4GB model is already on disk.

Then audit your extensions. Remove anything you do not recognise, check the publisher and the exact domain before installing AI-branded tools, and watch for a search engine that has quietly changed. None of this is hard. It is just the price of using a browser that, increasingly, acts on its own.

The deeper fix is not yours to make. It belongs to the company that decides whether the default browser asks before it acts. Until it does, the safest assumption is simple. Your privacy is your job, and the browser is not always on your side.

Editorial SiliconFeed is an automated feed: facts are checked against sources; copy is normalized and lightly edited for readers.

FAQ

How do I disable Gemini Nano in Chrome?
To disable the Gemini Nano model, open Chrome Settings, go to the System section, and turn off on-device AI. This stops further downloads and disables the local model. You can also check whether the OptGuideOnDeviceModel folder exists in Chrome's user data directory to see if the model is already on disk.
How can I check if my Chrome extensions are malicious?
Review your installed extensions by going to Chrome Settings > Extensions. Remove any you don't recognize, verify the publisher information, and check the exact domain names. Pay special attention to AI-branded tools and any that have changed your default search engine without your knowledge.
Why is the silent Gemini Nano download a privacy concern?
The 4GB Gemini Nano model is downloaded without explicit user consent, which Hanff argues breaches Europe's ePrivacy and data-protection rules. Additionally, the visible "AI Mode" pill in the address bar doesn't use the local model at all: those queries still go to Google's servers. Users therefore bear the storage and bandwidth cost of a local model while the headline AI feature still sends their typing to the cloud, and a silent install by a legitimate vendor normalizes a practice that makes malware doing the same thing harder to spot.
