A comprehensive list of Chrome's on-device machine learning models, including specialized tools for language processing, page analysis, and content safety.
If you use Google Chrome, you might not realize that your browser is packed with machine learning models running directly on your device. These local models are designed to protect your privacy and speed up your browsing by keeping your data on your machine.
For example, specialized AI engines handle everyday tasks in the background. An engine named Anchovy processes images and extracts text, while others like Orca and Mahi handle text generation and document summaries. There are also models that run in the background to detect phishing attempts, filter out spam, predict which permissions you are likely to grant, and customize your toolbar based on how you use the web.
But as AI becomes more integrated into our browsing, it also changes how we think about security. Google points out that if a prompt tricks an AI feature into generating inappropriate content or leaking its internal instructions, it is usually not considered a security vulnerability. The browser has built-in guardrails, but simply controlling an AI's output is not a security flaw unless it causes actual, demonstrated harm to the user.
Finally, Google warns against using AI tools to find and report bugs in Chrome. These automated tools often hallucinate and submit confusing, low-quality reports that waste the security team's time. If you want to report a vulnerability, the team says human verification is still essential to ensure the issue is real, actionable, and reproducible.
Following is the complete list of machine learning models in Chrome many of which are on your device. They are located in your User Data folder and you can easily check to see which ones you have as they are all in numbered folders.
C:\Users\{YOUR_USERNAME}\AppData\Local\Google\Chrome\User Data\optimization_guide_model_store
Chrome uses numerous on-device machine learning models to enhance user experience, improve performance, and protect privacy. These models run locally on your device, ensuring fast responses and data privacy. Here’s a comprehensive list of all Chrome’s on-device AI models and their functions:
Identifies the language of text content on web pages to enable translation features and language-specific optimizations.
Performs smart text selection and entity extraction from web content, helping identify important information like addresses, phone numbers, and dates.
Generates numerical representations of text for similarity comparisons and semantic understanding across various Chrome features.
Creates embeddings specifically for longer text passages, enabling better understanding of document content and context.
Breaks down sentences into meaningful phrases, improving text comprehension and natural language processing capabilities.
Evaluates text content for potentially harmful or inappropriate material to protect users from unsafe content.
A newer, more comprehensive safety model that replaces the basic text safety model with broader content protection capabilities.
Powers spelling and grammar checking features to help users write better content across the web.
Supports Chrome’s Writer and Rewriter features, helping users compose and improve their written content.
Analyzes web pages to determine the main topics and themes present in the content for better content recommendations and filtering.
Identifies specific entities (people, places, organizations, products) mentioned on web pages for enhanced understanding and features.
Determines which UI elements should be visible on a page based on content and user context.
Classifies and extracts searchable images from web pages, enabling visual search capabilities.
Identifies educational content and resources on web pages for specialized handling and recommendations.
Detects potential phishing websites directly on your device without sending URLs to external servers.
Analyzes images on web pages to identify visual phishing attempts and deceptive content.
Classifies notification content to identify suspicious or potentially harmful messages.
Identifies potential scam patterns in web content and user interactions.
Predicts whether users are likely to accept notification permissions based on context and behavior.
Estimates the likelihood of users granting location access to websites.
Analyzes visual context to determine if location permission requests are relevant.
Evaluates visual elements to assess the relevance of notification permission requests.
Advanced models for intelligent permission request handling, including AIv4 models for desktop geolocation and notifications.
Identifies users who frequently use the new tab page for personalized experiences.
Recognizes users who regularly share content for optimized sharing features.
Identifies users who prefer voice interactions for enhanced voice features.
Segments Android users based on their Chrome start page usage patterns.
Identifies users who benefit from query tile suggestions.
Detects users with minimal Chrome engagement for targeted re-engagement strategies.
Identifies users who actively engage with Chrome’s content feed.
Recognizes users interested in shopping for enhanced e-commerce features.
Identifies users who heavily rely on search functionality.
Detects users who frequently switch between devices for continuity features.
Customizes toolbar options based on user behavior and preferences.
Identifies tablet users focused on productivity tasks.
Determines which users would benefit from a bottom toolbar layout.
Personalizes Desktop New Tab Page modules based on user preferences.
Determines which users should see promotions for Chrome’s Compose feature.
Identifies users who would benefit from Federated Credential Management features.
Determines when to show default browser promotions to iOS users.
Groups users based on usage metrics for better feature targeting.
Provides intelligent autocomplete suggestions for URL bar queries without server calls.
Ranks and scores URL suggestions in the address bar for better predictions.
Enhances searching through browsing history with intelligent understanding.
Understands the user’s intent when searching through their browsing history.
Ranks previously visited URLs for quick resumption of browsing sessions.
Predicts which links users are likely to click for speculative preloading.
Powers on-device text composition assistance for various writing tasks.
The AI writing assistant for short-form content creation (as discussed in the previous article).
Identifies and classifies form fields for accurate autofill suggestions.
Recognizes and categorizes password and login forms for secure credential management.
Ranks grouped history items for display in the New Tab Page.
Determines the order and relevance of modules on iOS start pages.
Optimizes the arrangement of modules on Android home screens.
Determines when and how to promote Progressive Web App installations.
Identifies when to show price tracking options based on page content.
Separates foreground from background in video streams for virtual backgrounds.
Predicts when a page load will be slow or resource-intensive for optimization.
Tests and validates new model deployments and updates.
Enables data collection for various experimental features.
Tests new embedding model architectures and approaches.
Chrome deeply integrates AI both in user-facing features like Gemini Live in Chrome , “Help me write” and Devtools assistants and in internal models that help block unwanted
notifications or improve page loading.
Chrome does not treat misleading, misaligned or unsafe model output as a
vulnerability. Please report such safety violations using in-product feedback
mechanisms.
Chrome AI features include guardrails to ensure that their output is safe and
reasonable but these guidelines do not form a security boundary. Any prompt that
causes these guidelines to be violated is not a security issue in Chrome. Use
in-product mechanisms to thumbs up / thumbs down results, or click on
‘send feedback’ to report other inappropriate content.
For AI features implemented using a Google backend it is possible that some
prompted output could be a valid abuse report, but will not be considered to be
bugs in Chrome. These should be reported via the Google Abuse VRP
or Google VRP depending on the severity of the
issue.
Chrome AI features trust what people using Chrome supply in input fields, audio
inputs, or other Chrome input surfaces. Tricking a user into entering a
malicious prompt (e.g. by copy/pasting from a site) is not considered to be a
security boundary as many people copy & paste text and urls as they use features
in Chrome.
AI features may use urls when generating their output so it is expected that
page content will influence the output. Chrome AI features include mitigations
and filters to prevent harmful actions that result from operating on page
content. Controlling the AI output is, by itself, not a security issue, unless
some further harm to a user can be demonstrated.
AI features may use page content (including images and subframes) when
generating their output so it is expected that page content will influence the
output. Chrome AI features include mitigations and filters to prevent harmful
actions that result from operating on page content. Controlling the AI output
is, by itself, not a security issue, unless some further harm to a user can be
demonstrated.
AI features may use page content including invisible content when generating
their output so it is expected that page content will influence the output.
Chrome AI features may detect, scrub, or deprioritize invisible content, but
failing to do so is not considered a security vulnerability as it is impossible
to do so in all cases.
Chrome AI features take actions to limit what navigations are possible, and
require user action before following links that could leak information to
prevent scalable or targeted attacks. Web pages can already supply links or
cause redirections and navigation and causing a user to follow these, via an AI
feature, does not add a new attack surface.
Indirect prompt injections that result in unintended actions or leak information
may be considered security issues and should be reported through the Chrome
security tracker. Please create a recording from a fresh session that
demonstrates the issue, and upload all files used as part of the demonstration.
If a Gemini session is associated with your report, it will help us if you are
able to share the session from your activity page, and the version of the model
you are using.
Output surfaces should sanitize inputs and transformed outputs. Please create a
recording from a fresh session that demonstrates the issue, and upload all files
used as part of the demonstration. If a Gemini session is associated with your
report, it will help us if you are able to share the session from your activity
page, and the version of the model you are using. Note that directly injecting
code into a trusted surface via devtools does not demonstrate a vulnerability.
Simply asking an AI to identify a bug report in Chrome is unlikely to yield a
valid report. Before submitting a report generated by AI please ensure you have
done enough human work to validate that any issue is (a) in our threat model,
and (b) reachable in Chrome by constructing a POC, generating an ASAN trace,
recording the bug reproducing, or performing your own debugging.
AI is prone to hallucinations when asked to find security bugs and can generate
reports that repeat previously fixed issues, or describe general classes of bugs
without discovering a specific actionable issue. As the reports can be lengthy,
they take a lot of time for our security experts to process and understand
before closing. Submitting reports without doing some work yourself to validate
that an issue is actually present in Chrome harms our users by wasting the time
and resources of the Chrome security team.
Submitting multiple low-quality AI generated reports will be treated as spamming
and has lead to accounts being banned from our reporting systems.
AI can be used to accelerate developer workflows and may be useful when
understanding code or translating from one language to another. AI tools can be
helpful when searching for security vulnerabilities in Chrome, but remember that
additional work must be done to ensure that vulnerability reports are brief,
actionable, and reproducible. These must meet the prerequisites of a baseline security bug report before we can pass them to teams to be fixed.
Source: https://source.chromium.org/chromium/chromium/src/+/main:docs/security/faq.md
Dan Petrovic ·
Oct 30, 00:40
Sign in with Google to comment.
