Writing

chromegoogleprivacysurveillanceai

The Manifest: What Lives Inside "Just a Browser"

A disk-cleanup session turns into an inventory of the machinery Google ships to two billion machines — silently, continuously, and mostly without a name you'd recognize.

Chrome silently installs and updates 24 software components on my machine. I did not install any of them. There is no consent screen, no settings toggle and no documentation a normal person would find. They include:

  • machine learning models that analyze the pages I read
  • regular expressions that extract prices from those pages
  • the registry of companies allowed into Google’s post-cookie advertising system
  • rules for what an AI agent may do inside my browser

You can see your own list at chrome://components. Almost no one ever opens it. This is an inventory of that page: what each component does, sorted into layers, and why the delivery pipeline matters more than any single entry.

How a disk clean-up found them

Chrome had been running for days and memory was creeping. I did what anyone who lives in the terminal does: I looked.

ps aux | grep -i "[C]hrome" | awk '{sum+=$6} END {print sum/1024 " MB"}'

1947.16 MB

Nearly 2GB of RAM. A restart cut it in half. Normal browser bloat, nothing sinister. Disk told a different story.

du -sh ~/Library/Application\ Support/Google/Chrome

1.4G
du -sh ~/Library/Caches/Google/Chrome

1.7G

Inside that 1.4GB, past my actual profiles of bookmarks and passwords, sat about 360MB of things I never installed. The folders had names like screen_ai, optimization_guide_model_store, component_crx_cache and OnDeviceHeadSuggestModel. They hold machine learning models and policy files. Chrome pushed them to my machine through a channel I had never looked at.

24 components, no descriptions

The page at chrome://components lists 24 entries on my machine. Each shows a name, a version number and a ‘Check for update’ button. Nothing else. These are not extensions. They install and update through Chrome’s component updater, which runs outside the extension system entirely. Some version strings were dated yesterday.

Read as a list, it is noise. Sorted into layers, it shows what the browser has quietly become.

Layer 1: security plumbing

Some of this machinery is exactly what silent updates are for:

  • CRLSet and PKI Metadata carry lists of revoked certificates. A stale revocation list is a real security risk, and waiting for a full browser update to refresh one would be negligent.
  • File Type Policies flags dangerous downloads.
  • Zxcvbn Data Dictionaries powers the password strength checker. It is a well-regarded open source library.
  • Certificate Error Assistant, Safety Tips, Captcha Providers and Chrome Improved Recovery are plumbing.

Nobody serious objects to this layer. It is worth naming because it justifies the pipeline everything else arrives through.

Layer 2: policy shipped as data

Each component in this layer encodes a policy decision as a data file:

  • Subresource Filter Rules blocks ‘abusive’ ads. This means Google, the largest advertising company in history, maintains the list of which ads are too bad to show.
  • Crowd Deny blocks notification prompts on sites where users usually refuse them. On my machine its version updates almost daily.
  • Related Website Sets defines which corporate domains may share your data as if they were one site.

What counts as abusive, what counts as annoying, who counts as one company: each is a judgement, encoded as data and refreshed continuously. You never approved any of it in an update dialog.

Layer 3: analysis models on your machine

This is where my 360MB went:

  • ScreenAI Library is a computer vision model. Google built it for accessibility features like generating alt text and reading PDFs aloud. Structurally, it is an OCR and scene-understanding model resident in the browser.
  • Optimization Hints feeds a rotating store of smaller models for page prediction, topic classification and engagement scoring.
  • OnDeviceHeadSuggest generates search suggestions locally.
  • History Search builds semantic embeddings of the pages you visit. Your reading, vectorized, so the browser can search your history by meaning.

The pitch for all of this is privacy. The analysis happens on your device and the raw data stays there. That is true, and it is better than sending your history to a server. But the analytical capability itself now lives on your hardware. The pipeline for pushing new models to 2 billion devices is built, normalized and used daily. Nobody has answered the governance question: who may push what model, analyzing what, reportable where. Each component arrived under a benign use case, so the question never came up. Civic surveillance follows the same pattern: capability first, accountability never.

Layer 4: commercial parsing

Two entries deserve quoting verbatim, because their names do the work: Commerce Heuristics, and Amount Extraction Heuristic Regexes. The second is literal. It is a set of regular expressions for extracting prices from the pages you visit. They feed Chrome’s shopping features: price tracking and discount surfacing. Your browser ships a component whose entire job is parsing how much things cost on the pages you read.

Alongside them, MEI Preload seeds the Media Engagement Index. These are Google’s pre-computed scores of which sites you are ‘engaged’ enough with to be allowed to autoplay video at you. Your attention arrives pre-scored, shipped down as a starting balance.

Layer 5: Google as regulator of Google’s market

Privacy Sandbox Attestations lists the companies that have pledged compliance with Google’s post-cookie advertising system. Sit with that. The dominant player in the ad market distributes, through its own browser, the registry of who may take part in the market it designed. Trust Token Key Commitments and Origin Trials work the same way: permission slips for experimental web features, authorized by Google, distributed as component updates.

The newest arrival: rules for an AI acting in your browser

The entry I keep returning to is Actor Safety Lists. It governs Chrome’s agentic AI features, where an AI acts in the browser on your behalf. It holds the allowlists and blocklists for what the agent may click, fill or do. The browser now ships a policy file for the behavior of an AI operating inside your session. Five years ago that sentence would not have parsed. It arrived the way everything on this page arrives: silently, versioned, buried on a diagnostic page, already up to date.

Then there is Widevine, the DRM module. It is the one component that is explicitly not yours: a black box on your machine whose function is to hide content from you, the owner of the hardware.

The pattern

Every entry on the page is the same move: policy shipped as data. These are not software updates you approve. They are continuously refreshed lists of what is allowed, blocked, trusted and worth analyzing. Some refresh daily. None are announced. All ride a pipeline justified by certificate revocation lists.

‘I installed a browser’ has quietly become ‘I host a continuously updated suite of analytical and regulatory systems, operated by an advertising company, on hardware I own.‘

Keep a record

chrome://components is a primary source hiding in plain sight: the visible manifest of the invisible layer. It costs nothing to screenshot. Do it periodically and you get a longitudinal record. Watch the agentic AI entries multiply. Watch the commerce layer grow. Watch the count tick up from 24, component by component, on a page no user ever looks at.

The most honest documentation of what your software is doing is often the part that was never meant to be read.


Field notes: components observed July 2026, Chrome 150, macOS. Your manifest may vary. That is rather the point.