SEARCH

How-To Geek

How to Enable Flashblock in Chrome (And Make it 5000% More Secure)

image

Most people don’t realize this, but when your PC gets infected from browsing a web site, it’s not usually because of your browser—it’s because of your plugins, like Flash, Java, and others. They are sadly insecure, but Google Chrome has a built-in option to make your PC much safer.

The option is actually called “Click to Play”, and it’s only enabled inside a hidden page—though we have to assume it’ll eventually make its way to the default Options page. The really great thing is that it works across all plugins, not just Flash, meaning that you can also stop Java and other insecure plugins.

Enabling Click to Play (FlashBlock!) in Google Chrome

The first thing you’re going to want to do is type about:flags into your location bar and hit the Enter key, which will bring up a page of “experimental” features you can enable. Find Click to Play in the list, enable it, and then restart your browser using the button at the bottom of the page.

image

Now you’ll need to head to Tools –> Options –> Under the Hood, and click on the Content settings button.

image

Scroll down until you see Plug-ins, and click the Click to Play radio button to enable the feature.

You’ll also notice the Manage exceptions button in here, where you can override this for particular sites—say you wanted to always have Flash enabled on YouTube, or use Java on a particular site that you trust. Once you’re done in here, click the “Disable individual plug-ins” link.

image

This will take you to the Plug-ins page, which you could also access by typing about:plugins into the address bar. Once in here, you should disable anything that you don’t use, like Java.

image

All done? Head over to a page that would normally load a plugin to test it out, like YouTube. You’ll see that the Flash plugin is blocked, but you can click to enable it on a particular page. You’ll also notice a new icon up in the address bar, in case the plugin doesn’t show on the page, from which you can enable the plugins just this time, or always.

image

And now you should be at least 5000% more secure. Just be careful not to download anything weird from a shady site, and you should be pretty safe.

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 04/8/11

Comments (52)

  1. AG

    I used to set this by default for new Chrome installations for friends and a few clients, but then I found out that when Chrome updates itself, it doesn’t maintain this setting. Instead, the Click To Play option in about:flags is reset to disabled. As a result, when you go into Preferences to check on the plug-ins settings, it’s now set to Block All and “Click to Play” has disappeared.

    The end result is that for non-tech-savvy people, all of a sudden all plug-ins are completely blocked in Google Chrome and they can’t click to play them. I don’t use this setting anymore and just install AdBlock, at least until Google fixes this issue.

  2. The Geek

    @AG

    Adblock doesn’t necessarily disable everything, and definitely doesn’t let you toggle Flash when necessary. The whole point is to make it more secure, which AdBlock isn’t going to necessarily do.

  3. kikkeliskokkelis

    In newest versions you cannot do that, or I cannot find that option on 12.0.725.0 dev :(

  4. The Geek

    I tested it out on both the dev version and the stable channel. It worked yesterday.

  5. kikkeliskokkelis

    Ok, maybe it is language then? I use Finnish-language.

  6. Alendra

    Aah, if only there was a NoScript add-on on Chrome …
    For those interested as to why NoScript doesn’t exist yet on Chrome, read this
    http://forums.informaction.com/viewtopic.php?f=10&t=1676
    (goes up to march 2011)

  7. charles

    I really wish I could do this with images, some gifs, and even jpegs slow the opening of the page and would be nice to block them too…

    It only work for me when I didn’t disable the plugin.. if someone is having a problem try not to disable.. you can still click to play it.. but I don’t know if is just me, maybe it is..

  8. kikkeliskokkelis

    Well, it is not language, I simply do not have that option :(
    Screenshot http://img96.imageshack.us/img96/3046/ezufb82tmp.png

  9. William

    I’m using a Cr-48 and this flag is very handy….the Linux Flash plugin is
    horrible and can slow down browsing considerably.

  10. Zack

    @kikkeliskokkelis Have you enabled it in about:flags? That’s the only reason it wouldn’t be there.

    With the Cr-48 (and any laptop/netbook), this also makes battery life last longer.

  11. kikkeliskokkelis

    Oh man, I was so blind. *very ashamed*
    Thank you!

  12. Matthew

    This is brilliant. I’ve used it, and it really makes you aware how many websites use Flash!

  13. alT

    5000?

  14. bassman22

    It’s great that this is finally built in (that we know at least) but I’ve had the same functionality with the Flash block extension for Chrome. I wonder if it’s the same deal, or if I should use the built in alternative rather than the 3rd party extension? What do you guys think?

  15. DBRtft

    This article is kind of useless! I mean, i’m sure that everybody has already heard

  16. asdf-chan

    How to use flash the secure way:
    1.Switch to gnash
    2. Profit

  17. R77R

    For firefox 3.6.16, there is an add-on named: QuickJava version 1.7.6

  18. dixi

    I have no idea how to get to about:flags in the “location bar”. I am QUITE obviously not as tech savvy as most of these people are, which is exactly why I read Geek. You have to keep in mind those of us who don’t know squat about computers, and walk us through the entire process. Now, I know this might be irritating to those of you who know boatloads more than people like me, but believe me, the help is invaluable to those of us who are trying to learn more about how to use their computers more safely and efficiently. So, having to skim through a few extra lines on your part makes all the difference on the part of us who are the computer illiterate masses. Thanks.

  19. CL

    I’m using Iron and Win7 64 – there’s no pop up advising content blocked – just blank where flash/java should be – not very useful for browsing many websites where these are integral to content.

  20. Nick

    @dixi Literally just type about:flags in the address bar and you should be set to go!

  21. dixi

    Yea! Thank you so much, Nick!

  22. Jeroen

    Question: is this better dan the FlashBlock extension or not? and Why?

    Also: Alendra, you can disable javascript by adding it as a parameter to the shortcut of chrome.

  23. xflyboy1974

    Excellent post dixi, I like you, feel like “Ned in his First Reader” on this site. If you have an idea about what this old saw means than you must be “Long in the Tooth” like me. Please, Mr. Geek Guy, give us old pharts from the stone age a break & add just a wee bit more info on your tips!

  24. Chopper

    One problem i’m having is with silver light i can’t seem to add photos to msn now after doing this is and no i never disabled that addon!!!

  25. MidwestGuy

    Browse in a sandbox (Sandboxie) and don’t even worry about the settings.

  26. zarnaik

    Is this a similar function to the one Opera has as standard?

  27. Yoshiyah

    Everybody hopping on the Google Chrome bandwagon! That’s fine by me. I hope you all enjoy Google and it’s data mining.

  28. Eric Z Goodnight

    @Geek: BTW To do this on a Mac, you have to go to the top menu bar, Chrome > Preferences, then Under the Hood > Content Settings. You can’t pick “Click to Play,” but you can disable it, then use the button in the address bar to enable on specific pages how you’ve shown.

  29. jester

    AdBlock doesn’t make browsing safer. It just does what it’s named: blocking ads. Yes, certain ads can lead you to unsafe websites, but its primary purpose is to block those annoying ads.

  30. RandyN

    Thoroughly enjoying Google’s data mining, thanks for your input.

  31. joseantonio

    does firefox 4 have a similar option?

  32. DavidQ

    In Chrome 10.0.648.204 on Windows 7 SP1 64 bit I enabled Click-to-play, restarted, selected Click-to-play in the Plug-in options, then disabled Flash, and finally restarted again. At youtube I get the message “you need to upgrade to Flash 10″ (which, of course, I have). No alert box to disable the block. I even try adding an exception pattern [*.]youtube.com. Restarts all around. Still no joy. I reenable Flash plug-in and all is well again. What am I missing?

  33. DavidQ

    Figured it out. Must have misunderstood the step about disabling Flash and Java. When I Enabled Flash, but left the Click-to-play stuff in action, it worked. Seems like a bit security win. Thank you.

  34. AG

    @THE GEEK

    You completely missed the point. If you enable the Click to Play feature, it will suddenly be disabled with no notice when Chrome auto-updates. Worse, instead of setting things back to Play All as it should, it defaults to Block All when Click to Play gets removed.

    This bug makes it totally useless in my opinion.

    I wasn’t advocating AdBlock as a valid replacement. I was just saying that’s all I install or set by default.

  35. Erwin

    Some people seem to have missed the point that they should actually type or paste “about:flags” in the adress line … then they will see the options …

  36. Larry

    What does ‘data mining’ mean? what kind of ‘data’ is google mining from me? “Data” on things I search for? “Data” on things I buy online? “Data” on games I play? “Data” on news I read or pictures I look at?

    Big fat hairy deal, it simply means that most of the ads I’m seeing in chrome are based on my interests & previous product searches. Kind of makes the whole experience more personalized if you ask me.

    I’ll keep my top secret medical research data – anti government propaganda – alien pornography photos – etc, etc, etc…. all on a more secure PC that isn’t even plugged in to a power outlet – let Google mine that – HAH!

  37. arj

    working with youtube but not with facebook. it needs to install some plug in to continue

  38. Brandon

    Would this also apply to Chromium?

  39. PeterScott

    Many thanks for this. It works better than the flashblock plugin that misses many adverts.

    BTW for those who want to cut down on Google tracking. Use SRWare Iron( I do). This is the open source build with call home to Google disabled.

    Does anyone know how to stop animated gifs from playing?

  40. arj

    Iron browser is good but you need manual updates if it’s available

  41. Chicago Bob

    WOW! Did I ever open a can of worms, when I tried this out. I’ll admit that I’m not the smartest Turnip on the truck. But it took two hours to undo all the harm I did.

    Watch out now? Unless your sure your smarter than an old Turnip?

    Bob.

  42. James

    I just use the “FlashBlock” extension. It’s a lot easier and even allows you to whitelist sites that should always display flash.

  43. Mhhh14669

    Opera had this feature for years.

  44. RichardS

    Isn’t the solution for the plug-ins to be secure in the first place? I shouldn’t need programs to alter programs because the latter don’t work correctly. They should work properly first time. There is no acceptable reason why software is insecure. The whole design of PCs assume that the users want to fiddle with them. Most don’t. If I pick up my hammer to hit a nail in – it works first time and does what I want. PCs are tools – pure and simple. Why do we accept these inadequate, time consuming and frustrating devices? We need a sensible and affordable alternative – simple, easy to use, does what it says on the box at a price we can all afford.

  45. HellScream

    @ Mhhh14669
    Opera had this feature for years. < i agree :D

  46. Jason B.

    @RichardS You’re absolutely right. All software should be secure, thus eliminating the need for workarounds like this. Also, we should completely eradicate all malicious microbes on the planet, so that no one will ever have to take antibiotics. But, since software bugs can no more be eradicated than all disease can, we’ll just have to keep using these workarounds for the time being.

  47. Ben

    Ok, I’ve typed about:flags into the address bar and hit enter several times……..all I get is a blank page…

  48. muntoo

    @Alendra There is: NotScripts for Chrome.

    It’s not perfect, of course, and isn’t as “unintrusive” as NoScript, but it does the job.

  49. carol gibson

    Here’s a rudimentary question. Normally I keep things simple with email, but I do a lot of browsing. What I’m wondering is: if you see that crunched up unhappy looking icon – does that mean you’ve gotten a virus?

  50. JungleBoi

    @JasonB, RichardS is correct: It *is* possible to develop more secure solutions.

    f all consumers were to stop spending (read complete halt) until we devised a more secure plugin implementation, brutha, it would be devised – and quickly. Why not instead challenge him to develop it?

  51. TMZ

    http://www.howtogeek.com/58058/how-to-enable-flashblock-in-chrome-and-make-it-5000-more-secure/?utm_source=newsletter&utm_medium=email&utm_campaign=080411#comment-126735

    In regards to the comments by AG and Geek about updating and losing settings. I agree with AG that there is a problem and Geek noted a semi-workaround.

    Sad reality, this seems to be a norm these days. Somehow, the “savings”.ini file for keeping your hard earned tweaks likes to vanish, without warning.

    Hmm… seems to be a corporate scheme > :D

    The bonus side, there is none. Incororate a “reset or save settings function” into your d@ng wrappers.

    Woa… rocket science updates :)

    Opera made it work, fairly well too. Had a couple bobbles but there was some notice about, if any so long as you were not the initial guinea pig ;/

    I still think it was a conspiracy tho.

    Please excuse my pathetic flubbering.

  52. Dwight Stegall

    You must go to some really bad sites. I have been online for 15 years and not one of my computers have ever had an infection.

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!