:

CHROME DOWNLOADS 4GB AI FILE WITHOUT USER CONSENT

AI DESK2 MIN READ
WED, MAY 6, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

A researcher has alleged that Google Chrome automatically downloads a 4GB artificial intelligence model file without user permission, with the file reappearing even after deletion.

Security researcher Max Kostyan discovered that Chrome initiates a multi-gigabyte download related to AI functionality without explicit user consent or clear notification. The downloaded file persists on user systems even when manually deleted, suggesting an automatic re-download mechanism. The file in question appears connected to Chrome's AI-powered features, though Google has not publicly detailed the exact purpose or contents. The discovery raises questions about bandwidth usage, storage space, and user control over system resources. Kostyan's findings indicate that the download occurs independently of user settings or preferences. The behavior contradicts standard practices where significant resource-intensive operations require explicit opt-in from users. The reappearance of the file after deletion suggests Chrome's system is designed to maintain the AI model regardless of user intervention. This functionality could impact users with limited storage space or data caps, particularly on systems where multiple users share resources. Google has not immediately responded to the allegations. The discovery adds to ongoing discussions about browser behavior transparency and user autonomy over system resources. The incident highlights broader concerns about how tech companies implement AI features and the level of disclosure provided to users. Similar issues have surfaced with other major browsers implementing background downloads for functionality updates and feature support. Users concerned about the download can check their system storage and browser cache directories. However, the automatic re-download mechanism means manual deletion may not provide a permanent solution until Google addresses the underlying behavior or provides official settings to disable the feature.

■ SOURCES

Engadget

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

3H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

3H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

6H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

8H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.