u/Educational-Split463

Google Chrome is silently dumping a 4GB AI model into our devices without any prior consent. The same pattern can be noticed when Anthropic Claude Desktop silently registered the Native Messaging bridge into 7 Chromium-based websites. For millions of users using limited data plans or whatsoever is likely to be wiped out an entire month's data allowance overnight. This silent installation of a 4GB AI model onto our device is likely violating many privacy laws like GDPR and PECR.

The main concern we need to be alert about is that this works offline at the backend no pop-up, no notice, nothing and at scale comparison, it is 60,000 tonnes of CO2 consumption. Which is basically huge and illegal. Now, if you are thinking of deleting it manually, Chrome will reinstall it automatically.

What you can do right now is:

• Check your storage
• Report it to the ICO(Information Commissioner's Office)
• Demand that Google notify you earlier before any new update, and
• Secure your user credentials immediately.

If Google can silently install a 4GB AI model without consent today, what exactly is stopping them from pushing something even more invasive tomorrow, and why are regulators still silent about it?

A critical RCE (Remote Code Execution) vulnerability CVE- 2026-3854 with a CVSS of 8.7(Base Score) has been discovered inside GitHub.com and GitHub Enterprise Server. This allows authenticated users to inject commands via push options, compromising the shared repositories and fully taking over the Enterprise Servers.

How discovered: Researchers found this vulnerability through AI- Powered reverse Engineering.

Exploitation: An authenticated user with push access to repository can trigger RCE.

Defense: Priotirise applying vendor patches, 88% of GHES instances remain unpatched. Stay alert for any update for GitHub.com and GitHub Enterprise Server to immediately mitigate the risk.