Most people don’t realize this, but when your PC gets infected from browsing a web site, it’s not usually because of your browser—it’s because of your plugins, like Flash, Java, and others. They are sadly insecure, but Google Chrome has a built-in option to make your PC much safer.
The option is actually called “Click to Play”, and it’s only enabled inside a hidden page—though we have to assume it’ll eventually make its way to the default Options page. The really great thing is that it works across all plugins, not just Flash, meaning that you can also stop Java and other insecure plugins.
Enabling Click to Play (FlashBlock!) in Google Chrome
The first thing you’re going to want to do is type about:flags into your location bar and hit the Enter key, which will bring up a page of “experimental” features you can enable. Find Click to Play in the list, enable it, and then restart your browser using the button at the bottom of the page.
Now you’ll need to head to Tools –> Options –> Under the Hood, and click on the Content settings button.
Scroll down until you see Plug-ins, and click the Click to Play radio button to enable the feature.
You’ll also notice the Manage exceptions button in here, where you can override this for particular sites—say you wanted to always have Flash enabled on YouTube, or use Java on a particular site that you trust. Once you’re done in here, click the “Disable individual plug-ins” link.
This will take you to the Plug-ins page, which you could also access by typing about:plugins into the address bar. Once in here, you should disable anything that you don’t use, like Java.
All done? Head over to a page that would normally load a plugin to test it out, like YouTube. You’ll see that the Flash plugin is blocked, but you can click to enable it on a particular page. You’ll also notice a new icon up in the address bar, in case the plugin doesn’t show on the page, from which you can enable the plugins just this time, or always.
And now you should be at least 5000% more secure. Just be careful not to download anything weird from a shady site, and you should be pretty safe.