Google Chrome Allegedly Downloads 4GB AI Model Without User Permission

Google Chrome has been accused of downloading a 4GB AI model file without explicit user consent, according to a security researcher. The incident has raised concerns over privacy, storage usage, and transparency in the browser’s operations.

Researcher Alleges Unauthorized Download

Security researcher Krzysztof Zalewski reported that Chrome silently downloaded a 4GB file labeled as an AI model. The download occurred without any opt-in prompt, meaning users were unaware of the process.

Zalewski noted that the file reappeared even after manual deletion, suggesting it was being reinstalled automatically by the browser.

How the Download Occurred

According to Zalewski, the download was triggered by Chrome’s machine learning (ML) model pipeline, which operates in the background. The researcher discovered the file in Chrome’s User Data directory under the path:

User Data/ShaderCache/GPUCache/

The file, named model.blob, was identified as part of Chrome’s ML model cache, used for features like tab organization and other AI-driven functionalities.

User Concerns and Privacy Implications

Users have expressed concerns over the lack of transparency in this process. Key issues include:

• No opt-in consent: Users were not informed or asked for permission before the download.
• Storage impact: A 4GB file can significantly affect users with limited disk space, especially on devices with small SSDs.
• Reappearance after deletion: The file’s automatic reinstallation suggests Chrome’s ML pipeline is actively managing these downloads.

Google’s Response

As of the time of reporting, Google has not publicly addressed the allegations. The company has not responded to requests for comment on whether this behavior is intentional or a bug.

How to Check for the File

Users can verify if the file exists on their systems by navigating to the following directory in Chrome’s user data folder:

User Data/ShaderCache/GPUCache/

If a model.blob file is present, it confirms the download occurred. Users concerned about storage can delete the file, but it may reappear due to Chrome’s ML pipeline.

Potential Risks and Next Steps

While the file itself is not inherently malicious, its unauthorized download and reinstallation raise questions about Chrome’s data handling practices. Users may consider the following steps:

• Monitor disk usage in Chrome’s directories.
• Report unusual storage consumption to Google via official channels.
• Adjust Chrome’s settings to limit background processes if concerned about privacy.