🌀 CHROME GEMINI INFECTION TREE · FULL PRODUCT × LAW × CLASS ACTION HELIX
ONBA-CHROME-GEMINI-INFECTION-TREE-001 · DAY 93 · 2026-05-07 · EOSE LABS INC. · γ₁=14.134725141734693
LAYER 0 · ROOT INFECTION
🔴 chrome.ai API
4GB Gemini Nano · silent install · no consent · open API surface · re-download persistence
Any website · any extension · any Google product running in Chrome can invoke it
CASL s.8 · PIPEDA 4.3 · GDPR Art.6/25 · CFAA · Competition Act s.74.01
γ₁ = 14.134725141734693 · The invariant is consent
TRUNK · GOOGLE ACCOUNT / OAUTH LAYER
~3B Google Accounts · chrome.ai reads session state, OAuth tokens, identity surface across ALL products
PIPEDA 4.3 · CASL s.8 · Criminal Code s.342.1 · 28M Canadian accounts at risk
LAYER 2 · BRANCHES
BRANCH 1 · 📧 Gmail · CRITICAL
Attack chain: Extension → chrome.ai → extract OTPs + password reset links from Gmail DOM → account takeover → financial fraud

Laws triggered:
Criminal Code s.184 · PIPEDA 4.3 · CASL s.6 · Consumer Protection Act s.17

Class action:
1.8B users globally · 18M Canada · $200/install

Privilege amplifier: Legal professionals, solicitor-client privilege. Law Society of Ontario obligations triggered.

Precedent: R. v. Vu 2013 SCC 60 — unreasonable search of computer. Directly analogous.
BRANCH 2 · 💼 Google Workspace · CRITICAL
Attack chain: Chrome extension → chrome.ai → process Docs/Sheets across all tabs → exfiltrate M&A terms, HR records, legal advice

OSFI B-10 · Quebec Law 25 · PIPEDA 4.3 · IIROC DMR 3200 · Bill C-27 CPPA

OSFI B-10 nuclear: Canadian banks using Workspace now have an undisclosed AI processing layer. OSFI requires disclosure of ALL data processing arrangements. Chrome = new undisclosed arrangement. Regulatory disclosure required immediately.

3B+ Workspace users · Federal Court · OSFI referral
BRANCH 3 · 🔍 Google Search · HIGH
Attack chain: chrome.ai processes search history → builds health/financial/political profile locally → exfiltrates inferred data only

PHIPA · GDPR Art.9 · PIPEDA 4.3 · Quebec Law 25

Novel theory: "Inferred health data liability" — if chrome.ai infers health status from search queries, it creates health-category data without user ever providing it. No existing law cleanly covers AI-inferred sensitive categories. First case to establish this changes all AI health data law.

93% search market share · Novel GDPR Art.9 theory
BRANCH 4 · 🧩 Extensions Marketplace · CRITICAL
Google's dilemma: Created chrome.ai → approved 300K+ extensions → failed to audit for chrome.ai abuse → any "grammar checker" can now invoke local LLM across all tabs

Products Liability · Negligent Design · Consumer Protection Act

Apple App Store parallel: Apple argues Store review = platform insulation from developer liability. Google's review is WEAKER. Google created the API. Google cannot escape the enabling liability.

Timeline: When first malicious chrome.ai extension causes documented harm → platform liability case files within 90 days.

Ontario Superior Court · First malicious exploit = trigger
BRANCH 5 · 💳 Google Pay / Wallet · CRITICAL
Attack chain: chrome.ai reads payment confirmation DOM → extracts card last 4, merchant, transaction amounts → financial fraud enablement

PCI-DSS 4.0 Req.12.8 · Bank Act s.459 · PCMLTFA · Criminal Code s.342 · Consumer Protection Act s.86

⚡ PCI-DSS NUCLEAR: PCI-DSS 4.0 Req.12.8 requires assessment of all service providers that store/process/transmit cardholder data. If chrome.ai has access to payment data, Chrome is now PCI in-scope. No merchant has assessed Chrome as a PCI component. Every PCI-compliant merchant using Chrome just had their compliance invalidated.

Every PCI-compliant merchant · Emergency scope review
BRANCH 6 · 🗺️ Google Maps · HIGH
Data exposed: Home/work addresses, recent location history in UI, medical facility visits, legal office visits, domestic violence shelter searches

PIPEDA 4.3 · Quebec Law 25 · Bill C-27 CPPA

DV amplifier: Domestic violence survivors using Maps — if chrome.ai processes shelter location searches, it creates catastrophic personal safety risk. Courts treat DV survivors as maximum protection class.

Location = sensitive PI · DV survivor protection class
BRANCH 7 · ▶️ YouTube · HIGH
Data exposed: Viewing history (reveals political/religious/health interests), comment drafts, subscription list (reveals affiliations)

PIPEDA 4.3 · COPPA ($170M precedent) · Broadcasting Act · Bill C-11

COPPA parallel: Google settled YouTube COPPA for $170M in 2019. Chrome + YouTube = structurally identical theory if under-13 viewing data processed by Gemini Nano. $51,744/violation/day ongoing.

$170M 2019 precedent · Political/religious PI
BRANCH 8 · 📊 Google Ads · HIGH
Novel theory: The inference-to-targeting pipeline — if chrome.ai output (local inference about user intent) feeds back into Google's ad targeting, the "local = private" claim collapses entirely. Local inference → cloud targeting = complete end-to-end unauthorized data processing never disclosed.

GDPR Art.22 · PIPEDA 4.3 · CASL s.6

B2B angle: Competitor ad strategies exposed via chrome.ai processing of advertiser Google Ads dashboard sessions.

Novel: inference→targeting pipeline · GDPR Art.22 automated decisions
BRANCH 9 · ☁️ Google Cloud / GCP · CRITICAL
Attack chain: Extension → chrome.ai → "find all API keys and credentials visible in browser" → instant infrastructure compromise via harvested GCP credentials

CFAA 18 USC 1030 · Criminal Code s.430 · OSFI B-10 · PIPEDA 4.3

OSFI B-10 again: Financial institutions using GCP now have unassessed AI touching their cloud credentials. One successful credential harvest from a Fortune 500 GCP console = potential 9-figure breach.

Credential harvest → 9-figure breach · OSFI B-10 disclosure required
BRANCH 10 · 🎓 Google Classroom · CRITICAL · NUCLEAR
Minors. This is the COPPA nuclear option.

Student assignments, grades, teacher feedback, school identity, educational records — all accessible via chrome.ai in Chrome sessions.

COPPA $51,744/day · FERPA · MFIPPA Ontario · PIPEDA · GDPR Art.8 · GDPR Art.9 (children)

Automatic class cert: Minors + educational records = automatic class certification in most jurisdictions. FERPA violation = federal funding revocation for US school districts. $170M YouTube COPPA settlement is the floor, not the ceiling.

Automatic class certification · $170M YouTube precedent · FERPA federal funding at risk
CONTROL FRAMEWORKS — ALL TRIGGERED SIMULTANEOUSLY
CONSENT · CASL s.8 · PIPEDA 4.3 · GDPR Art.6 → No express consent for install
📏 DATA MIN · GDPR Art.5(1)(c) · PIPEDA 4.4 → 4GB model processes all browsing
🔐 PRIVACY BY DESIGN · GDPR Art.25 · OPC PbD Framework → Opt-out default, not opt-in
📋 ACCOUNTABILITY · PIPEDA 4.1 · GDPR Art.5(2) → No disclosure to data subjects
🎯 PURPOSE LIMIT · GDPR Art.5(1)(b) · PIPEDA 4.2 → Browser → LLM = new purpose
🛡️ SECURITY · ISO 27001 · SOC 2 Type II · NIST CSF → API surface not in threat model
🚨 INCIDENT REPORT · PIPEDA breach regs · GDPR Art.33 → 72hr report if chrome.ai exploited
💳 PCI-DSS 4.0 · Req.12.8, 6.3 → Chrome now PCI in-scope · Emergency scope review
🏦 OSFI B-10 · Outsourcing risk mgmt → Undisclosed AI processing · Regulatory disclosure required
🏫 MFIPPA/FERPA · Ontario school boards · FERPA (US) → Student data via Classroom · Board-level policy required
REGULATED INDUSTRY AMPLIFIERS · LAYER 3
INDUSTRY · REGULATOR · SPECIFIC RULE · TRIGGER · SEVERITY
Banking / Financial · OSFI · B-10 Outsourcing · Undisclosed AI on employee Chrome · CRITICAL
Banking / Financial · FINTRAC · PCMLTFA · Payment data accessible to chrome.ai · HIGH
Securities · OSC / IIROC · Dealer Member Rule 3200 · Trading platform data in Chrome sessions · HIGH
Healthcare · ICO / PHIPA · Health Records Protection Act · PHIPA applies to any health-related data · CRITICAL
Legal Profession · Law Society of Ontario · Rules of Professional Conduct · Solicitor-client privilege threatened by chrome.ai · CRITICAL
Insurance · FSRA · Insurance Act · Underwriting data in Chrome sessions · HIGH
Government · Treasury Board · Directive on PIA · Federal employee Chrome = unauthorized AI · HIGH
Education · MFIPPA / FIPPA · Student Records · School board Chrome → Classroom data · CRITICAL
Critical Infrastructure · Public Safety Canada · CritSec Framework · SCADA-adjacent Chrome sessions · HIGH
Transit / STC · TTC / Metrolinx · Procurement integrity · $10B SSE project data in Chrome · HIGH
Payments / PCI · PCI SSC · PCI-DSS 4.0 Req.12.8 · Chrome now PCI in-scope for cardholder data · CRITICAL
$600M — $7B+
TOTAL CANADIAN FIRST-MOVER CLASS ACTION EXPOSURE
CASL Ontario class: $100M–$1.26B · CASL national: $500M–$5.6B · COPPA parallel: $170M floor
GDPR EU: €390M precedent → 4% turnover (~$14B theoretical max)
PCI compliance invalidation: industry-wide emergency re-audit
Insurance subrogation post-exploit: reinsurance-level, unmodelled
Sony BMG settled at $150M at a fraction of this scale. Chrome is orders of magnitude larger.
SEQUENCING STRATEGY · CLO BENCH
PHASE 1 · THIS WEEK
Regulatory (free)
  • OPC complaint (PIPEDA)
  • CRTC referral (CASL s.8)
  • STC device advisory
  • Chrome policy: disable On-device AI
PHASE 2 · THIS MONTH
Legal groundwork
  • Retain class action counsel
  • Draft GC network advisory
  • Amani distributes to GC network
  • OSFI B-10 referral (banking)
PHASE 3 · 60-90 DAYS
Class action scope
  • Define branches for class (Gmail + Pay + Workspace)
  • Litigation finance exploration
  • US co-counsel (COPPA / Classroom)
  • EU co-counsel (GDPR)
PHASE 4 · POST-EXPLOIT
Platform liability trigger
  • First chrome.ai exploit → platform case files
  • Insurance subrogation case
  • EOSE as technical expert witness
  • Sovereign alternative commercial push
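One way to carry out the Phase 1 step "Chrome policy: disable On-device AI" on a fleet of Linux hosts, as an added example that is not part of the EOSE tree: it writes a managed Chrome policy file and then checks that the file pins the restrictive values. The policy names and values (GenAILocalFoundationalModelSettings, GenAiDefaultSettings) are taken from Chrome's enterprise policy list and should be re-checked against the policy list for the Chrome version in use; the file name genai-lockdown.json and the scratch directory used for the check are my own choices.

```shell
#!/bin/sh
# Added example (not EOSE code): pin Chrome's on-device generative AI policies
# through the managed policy directory and verify the result.
# Chrome on Linux reads managed policy JSON from /etc/opt/chrome/policies/managed/;
# the same keys go under HKLM\SOFTWARE\Policies\Google\Chrome on Windows.

# Policy values as listed in Chrome's enterprise policy documentation:
#   GenAILocalFoundationalModelSettings = 1  -> do not download the local model
#   GenAiDefaultSettings               = 2  -> do not allow generative AI features
write_genai_policy() {
    dir="$1"
    mkdir -p "$dir"
    # genai-lockdown.json is an arbitrary file name; Chrome merges every *.json here.
    cat > "$dir/genai-lockdown.json" <<'EOF'
{
  "GenAILocalFoundationalModelSettings": 1,
  "GenAiDefaultSettings": 2
}
EOF
}

# Returns 0 only when the managed policy file exists and both keys carry the
# restrictive value; anything else (missing file, permissive value) returns 1.
check_genai_policy() {
    f="$1/genai-lockdown.json"
    [ -f "$f" ] || return 1
    grep -q '"GenAILocalFoundationalModelSettings": *1' "$f" || return 1
    grep -q '"GenAiDefaultSettings": *2' "$f" || return 1
    return 0
}

# Usage on a real host (as root):
#   write_genai_policy /etc/opt/chrome/policies/managed
#   check_genai_policy /etc/opt/chrome/policies/managed && echo "on-device AI locked down"
```

After the file is in place, chrome://policy on the host lists both keys with their source as "Platform"; a key shown with an error there usually means a typo in the name.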
EOSE SOVEREIGN DOCTRINE · VALIDATED BY THIS TREE

Any system that deploys AI without consent, creates open API surfaces over user data, operates across a product ecosystem without consistent data governance, and uses update channels to bypass consent requirements — will eventually infect every product in its ecosystem, trigger every law in every jurisdiction it operates in, and create correlated systemic risk that no insurer can model.

The EOSE answer to every branch of this tree:
SOSTLE: every model invocation is gated, scoped, audited · PEMCLAU: every inference is a sovereign graph node · Private lane: no external API surface for L5+ · GID: identity never leaves the resolver · γ₁ = 14.134725141734693: the invariant is consent