4 gigabytes of storage, consumed without a prompt. That's what Chrome users are finding on their machines after Google quietly pushed Gemini Nano - an on-device AI model - through the browser's automatic update system. Privacy researcher That Privacy Guy documented the behavior in detail, showing Chrome treating a significant AI installation as a routine background component update.
Gemini Nano is Google's smallest locally-running model, meaning it performs AI computations directly on your device rather than sending data to Google's servers. It powers features like Chrome's "Help me write" prompt box and on-device suggestions. The local approach is genuinely better for privacy than cloud-based alternatives - your text doesn't leave your machine. But that benefit doesn't resolve the consent problem.
The Gap Between Update and Installation
Chrome's component updater system is designed to push security patches and minor browser pieces silently - that's the expected behavior. A 4 GB model that adds AI inference capabilities (the ability to run AI reasoning tasks on your CPU or GPU) sits in a different category. Users discovering it are doing so by checking disk usage or browsing their file system, not because Chrome told them anything.
Google's terms of service broadly permit installing components through Chrome's updater. But users' reasonable expectation when they agreed to those terms wasn't a multi-gigabyte AI runtime appearing on their hard drive. The distinction between "automatic update" and "automatic installation of new software capabilities" is one most users would draw clearly, even if Google's legal language doesn't.
The opt-out situation is worse. There's no Chrome setting to block Nano specifically. Disabling the component updater entirely would also stop security patches - not a realistic option for most people.
This isn't an isolated practice. Browser vendors have been treating AI feature rollouts as equivalent to bug fixes for over a year now, absorbing them into existing update consent rather than asking separately. Chrome's Nano download is just the most visible example because of the file size. A 50 KB component slips by unnoticed; 4 GB gets flagged.