Open Google Chrome options by clicking Customize and control Google Chrome button (three horizontal bars, previously wrench icon) in the upper right corner and clicking Settings.
A new browser tab opens with Settings tab activated on the left.
If you synchronize your Chrome data and settings between different computers, click the Advanced sync settings... button.
In the Advanced sync settings window, select the Choose what to sync option from the top combo box and make sure you do not sync Passwords - a web browser should not be used to store these because any malware can easily steal the stored user names and passwords!
In the Encrypted data types section, select to Encrypt all synced data if you sync sensitive information. This option should be accompanied with enabling the Choose my own passphrase option in the Encryption passphrase section - if your Google Account is hijacked, your Chrome data will still be safe.
Next, click the Show advanced settings... link to reveal hidden (but very important) options.
In the Privacy section, click the Content settings... button.
Google Chrome Content Settings window opens.
Those extremely privacy-concerned, can activate the Keep local data only until I quit my browser and Block third-party cookies and site data options.
But remember, some sites may not work properly if using these options - never enable the settings above in case you are using two-factor authentication schemes, such as those on Gmail, Yahoo and Facebook! If you are, enable only the Allow local data to be set (recommended) option here!
Scroll down to Plug-ins section. The Click-To-Play feature prevents all active plug-ins, such as Adobe Flash Player or Java from running content automatically. The main purpose of this feature is to prevent drive-by-attacks that use hidden frames to infect computers. If this feature is enabled, you'll see a Click to run plug-in button instead of such content.
If you want to use this protective measure, and you do not mind extra clicks for enhanced security, select the Click to play option. For lazy users, the default Run automatically (recommended) option is mostly fine, too.
As common in any browser, disable pop-up windows (read: stupid disturbing ads ) by choosing the Do not allow any site to show pop-ups (recommended) option in the Pop-ups section. To exclude some sites from pop-up blocking, use the Manage exceptions... button.
To disable location tracking (geolocation), enable the Do not allow any site to track my physical location option in the Location section. You do not need to show sites or people where you currently are - you might accidentally reveal too much personal data this way. In case you do want to give a specific site access to your location data, click Manage exceptions... button and add the site address to the list.
Desktop Notifications feature enables web sites and extensions pop up windows with messages even when Google Chrome window is not active. The most innocent example of the notifications is the GMail new mail alert - you'll see a message whenever a new mail arrives in your GMail mailbox (if you have one). But this might go much further with intrusive messages filling your Windows desktop while visiting a malicious web page. To disable Desktop Notifications completely, select the Do not allow any site to show desktop notifications option. If you sometimes need the feature, select the Ask me when a site wants to show desktop notifications (recommended) instead.
In the Mouse cursor section, select the Ask me when a site tries to disable the mouse cursor (recommended) option. Most sites should not be allowed to hide the pointer.
Protected content section allows turning unique identification features on or off. If your privacy is more important than ease of access to content services, clear the Allow identifiers for protected content check box. If not, you can safely keep this one ticked.
In the Media section, use the Ask me when a site requires access to my camera and microphone (recommended) option if you play interactive games or do video/audio communication. Those very cautious can select the Do not allow sites to access my camera and microphone option to disable the feature completely.
Please note that since Chrome 26, Adobe Flash Player settings for Chrome are handled at this Macromedia web page. For all other browsers, follow instructions in the Securing Adobe Flash Player article.
Since Chrome 24, you can also block unsandboxed plug-ins from automatically accessing files on your computer. The recommended setting, Ask me when a site wants to use a plug-in to access my computer is fine, but those who need enhanced security can select the Do not allow any sites to use a plug-in to access my computer option.
In the Automatic Downloads section (available since Chrome 30), leave the Ask me when a site tries to download files automatically after the first file option selected. This means that malevolent sites and scripts cannot send files to your computer without you knowing about it first.
Finally, click Done to close the Content settings window.
Back in Privacy section of Settings tab, make sure that Enable phishing and malware protection and Send a 'Do Not Track' request with your browsing traffic are checked. The first one will keep you away from malicious sites and downloads, the second one will prevent some usage tracking by advertisers.
Those very concerned about their privacy can clear the Use a web service to help resolve navigation errors, Use a prediction service to help complete searches and URLs typed in the address bar, Predict network actions to improve page load performance and Automatically send usage statistics and crash reports to Google boxes to disable any possible usage tracking.
Please note that the "Predict network actions to improve page load performance" feature can make Google Chrome very slow and even unresponsive while loading some pages. You might want to disable it.
In the Passwords and forms section, clear the Offer to save passwords I enter on the web check box. This is very important because malware can easily steal all user names and passwords for sites you have visited (including your bank!). Use free Password Safe for remembering user names and passwords instead.
Scroll down to the HTTPS/SSL section and put a check mark in the Check for server certificate revocation box. This setting will ensure that any web server's security certificate will be checked for validity before accepting it.
And finally, you can clear the Continue running background apps when Google Chrome is closed check box in the Background Apps section. This will close all apps with Chrome and, for example, prevent Desktop Notifications from GMail appearing while Chrome is not running.
The option is mainly meant for those who are very concerned about their online privacy.
That's it - close the Settings tab in Google Chrome.
To run your browser even more securely and protect it from zero-day attacks, use the free Microsoft EMET.