What this means for AVD, Citrix and FSLogix, and how to address it
You’ve set up your VDI environment tightly. Your FSLogix profiles are on an Azure Files or on-premises share, and every gigabyte counts. And then Google Chrome decides to write an AI model of nearly 4 GB to each user’s profile in the background. Without notification. Without permission.
In a VDI environment, profiles must be kept as small as possible because storage is expensive (both on-premises and especially in the cloud). With hundreds of users, this quickly means more than 400 GB of additional storage. And you pay for that every month.
This is not a theoretical risk. If Chrome is on the device, chances are that this model is already present in your users’ profiles.
What exactly is going on?
The file in question is weights.bin, part of Gemini Nano: Google’s local AI model. Chrome automatically downloads this model when creating a new browser profile or when starting Chrome if this file is not already present. It is stored in a hidden folder called OptGuideOnDeviceModel.
The file was discovered by privacy researcher Alexander Hanff, who analyzed Chrome’s behavior during an automated audit on macOS. It has since been confirmed that the same behavior occurs on Windows 11, Apple Silicon Macs and Ubuntu.
Practical implications:
- Each Chrome profile downloads the model separately. In an SBC or VDI environment with FSLogix, Citrix UPM or another profile tool, this means: each user gets an additional 4 GB in their profile.
- Those who delete the file manually will see it return on the next Chrome startup.
- The download process takes about 15 minutes and puts pressure on bandwidth and disk.
- No notifications are shown. No permission requested.
So what exactly does that file do?
Gemini Nano supports several AI features in Chrome, including:
- Help with writing in the browser
- Web page summaries
- Smart grouping of opened tabs
- Detection of fraud on websites
- Enhanced paste functions
This sounds convenient. But here is precisely the problem: most searches via the new AI mode in Chrome are still redirected to Google’s servers. The local model hardly runs at all in practice. So employees are paying with storage space and bandwidth for a model they barely use.
What are the risks to your organization?
Profile storage in SBC or VDI environment: costs rising
In an SBC or VDI environment, user profiles are managed through FSLogix, Citrix UPM or another profile tool. Those profiles are stored on a file server or in Azure Files. In Azure, you pay per GB of stored data. With a hundred users, this quickly amounts to hundreds of gigabytes of additional storage to pay for every month, for an AI model that most users have never actively requested. On a laptop or desktop, this is usually not too bad: they have plenty of space. But in a VDI environment, profile storage is a managed and paid resource.
Profile problems and quota overrun
When Chrome is on the golden image, every user who logs in automatically gets the Gemini Nano model written into their profile. This happens without administrator intervention, and without the user noticing. The result: profiles that grow unexpectedly, quotas that are exceeded, and in the worst case, profiles that no longer load properly. This is exactly the kind of situation where the finger quickly points to Citrix, Parallels or some other VDI solution, when the real cause is an application such as Chrome writing unwanted data to the profile. Read more about that dynamic at https://newyard.nl/citrix-problemen-of-it-keten/
Management and predictability
In a well-managed environment, you determine what goes into a user’s profile. Chrome now breaks that, outside of your management process. Especially if you’re working with defined quotas on Azure Files or an on-premises file server, you don’t want a browser adding 4 GB per user to the profile without a management decision behind it.
Laptops and physical workstations
On a laptop or desktop with ample disk space, 4 GB in itself is not a disaster. But again, the model is downloaded without the user’s or administrator’s knowledge. If your organization works with a mix of VDI and physical workstations or laptops, it is wise to implement the setting consistently everywhere. Not because disk space is the problem, but because as an IT department you want to keep control of what ends up on employees’ devices.
How do you manage this as an IT manager?
Google has confirmed that Chrome will automatically download Gemini Nano. They also indicate that users can disable the feature through Chrome settings. But for an organization with dozens or hundreds of endpoints, you want to be in control of this.
Fortunately, there is a central policy setting that lets you control this for the entire environment. The setting is called GenAILocalFoundationalModelSettings and is available through the Chrome Enterprise ADMX templates. Set the value to 1 (Do not download model) to prevent Chrome from downloading the model. This will also automatically delete an already downloaded model as soon as Chrome is reopened. Full documentation of this setting can be found at https://admx.newyard.nl/gpo/google-chrome-settings-for-genai-local-foundational-model/
What else you can do:
- Using your endpoint monitoring tool, check whether weights.bin is already present on endpoints (search in Chrome profile folders).
- Proactively block the download via the policy setting GenAILocalFoundationalModelSettings before the file returns.
- Capture the measure in your security baseline and document the choice for compliance purposes.
- Inform your users that some AI features in Chrome are unavailable as a result, so you don’t get unnecessary help desk tickets.
- Keep monitoring this: Google may change the policy around Gemini Nano in future Chrome versions.
Common objections and honest answers
‘Chrome just downloads this as part of the browser, right? Should I care about that?’
Chrome adds this model in addition to the regular browser update, as an additional download of nearly 4 GB per user profile. This is fundamentally different from a regular browser update. It involves application data that Chrome writes to the profile in the background, without the administrator seeing any of it or having a choice in the matter. In a VDI environment with FSLogix, that directly impacts your profile storage and storage costs.
‘We hardly use Chrome anyway, we work through Citrix.’
Especially in a Citrix or AVD environment, this is relevant. If Chrome is on the golden image, any user who logs in and opens Chrome automatically gets the model in their profile. It does not matter if the user is actively using Chrome. The model is downloaded as soon as the profile is created or Chrome starts for the first time. And it just lands in the profile, on your file server or in Azure. So check not only the workstations or laptops, but also the VDI images and their profile storage.
‘Google says the model is automatically deleted when disk space is low.’
True, but that’s reactive management. In a properly set up environment, you want to manage this proactively through policy, so you don’t have to rely on the disk space threshold that Chrome itself monitors.
‘Isn’t this an exaggeration? It’s AI, that’s part of it these days.’
AI integration into software is a fact of life. But uncontrolled installation of large files without permission is a management issue, regardless of whether it involves AI. You decide what’s on your endpoints, not the software vendor.
Checklist: what are you doing today?
- Take inventory: is Gemini Nano already in your user profiles? Search for weights.bin in the FSLogix containers or Chrome profile folders on the VDI hosts.
- Set the GenAILocalFoundationalModelSettings policy setting to 1 via GPO or registry. After setting, Chrome automatically removes the model on the next startup. See admx.newyard.co.uk/gpo/google-chrome-settings-for-genai-local-foundational-model/
- Validate the setting on a test device before rolling out to the full environment.
- First, check if weights.bin is already present in the FSLogix containers or Chrome profile folders. Existing files are automatically deleted as soon as Chrome picks up the policy on the next browser launch. If you don’t want to wait, delete the files via a script or management tool before rolling out the policy.
- Document the measure in your security baseline.
- Set a monitoring alert if the file reappears after a future Chrome update.
- Inform your help desk team so they can explain reports from users about missing AI features.
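The inventory, policy and monitoring steps of this checklist as one PowerShell audit script. This is an added example, not code from the original article or from Google. It assumes Chrome's default per-user data path on Windows and the Chrome policy key under HKLM; the parameters -ProfileRoot and -Enforce are hypothetical names chosen for this example.

```powershell
# Added example (not vendor code). Run elevated on a session host or test device.
param(
    # Assumption: profiles are under C:\Users; pass the root of a mounted
    # FSLogix container or profile share to scan that instead.
    [string]$ProfileRoot = 'C:\Users',
    [switch]$Enforce    # also write the machine-wide policy (1 = do not download)
)
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$PolicyName = 'GenAILocalFoundationalModelSettings'

function Get-ModelPolicy {
    # Configured DWORD value, or $null when the policy is not set.
    (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
}

function Find-ModelFile {
    param([string]$Root)
    foreach ($userDir in Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue) {
        # Assumption: Chrome's default user data directory on Windows.
        $modelDir = Join-Path $userDir.FullName 'AppData\Local\Google\Chrome\User Data\OptGuideOnDeviceModel'
        if (-not (Test-Path -LiteralPath $modelDir)) { continue }
        Get-ChildItem -LiteralPath $modelDir -Recurse -Force -File -Filter 'weights.bin' -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    User   = $userDir.Name
                    SizeGB = [math]::Round($_.Length / 1GB, 2)
                    Path   = $_.FullName
                }
            }
    }
}

$found   = @(Find-ModelFile -Root $ProfileRoot)
$totalGB = [double]($found | Measure-Object -Property SizeGB -Sum).Sum
$found | Sort-Object SizeGB -Descending | Format-Table -AutoSize
"{0} model file(s), {1} GB in total under {2}" -f $found.Count, $totalGB, $ProfileRoot

$value = Get-ModelPolicy
if ($Enforce -and $value -ne 1) {
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord -Value 1 -Force | Out-Null
    $value = Get-ModelPolicy
}
if ($value -eq 1) { "Policy $PolicyName = 1: Chrome will not download the model." }
else              { "Policy $PolicyName is not set to 1: Chrome may download the model again." }

# Non-zero exit lets a scheduled task or monitoring agent alert on leftover files.
if ($found.Count -gt 0) { exit 1 }
```

Run it without -Enforce first to get the baseline, then again after Chrome has been restarted with the policy active to confirm the files are gone.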
Control over your endpoints starts with visibility into your environment
This is exactly the kind of situation we frequently encounter at New Yard: a vendor makes a change, outside the standard update process, and IT administrators don’t notice until profile containers grow, storage costs increase or users complain.
A well-designed management environment ensures that these types of changes are visible and that you have the means to respond quickly. Whether it’s FSLogix profiles in AVD, an on-premises Citrix environment or employee laptops, the digital workplace requires proactive management, not reactive remediation.
At New Yard, we help organizations keep their endpoints, applications and user environment transparent and manageable. Not because it’s technically interesting, but because it directly impacts productivity, security and compliance.
Want to know how your endpoint management is doing now?
We are happy to take a look with you. Not a sales pitch, but a concrete conversation about what is going on in your environment and what you can improve. Schedule a free introductory meeting via newyard.nl.
