Tip: keyboard shortcut Ctrl+F searches in the page contents.

Securing Google Chrome

How to configure Google Chrome stable for safer internet browsing in Windows XP, Vista, 7, 8 and 8.1

By . Last modified: 2014-07-16.

Open Google Chrome options by clicking Customize and control Google Chrome button (three horizontal bars, previously wrench icon) in the upper right corner and clicking Settings.
Google Chrome, Tools menu. To configure Chrome safety, click Settings.

A new browser tab opens with Settings tab activated on the left.

If you synchronize your Chrome data and settings between different computers, click the Advanced sync settings... button.
Google Chrome, Settings, Sign in. Click 'Advanced sync settings' to control what you sync.

In the Advanced sync settings window, select the Choose what to sync option from the top combo box and make sure you do not sync Passwords - a web browser should not be used to store these because any malware can easily steal the stored user names and passwords!
Click OK.
Google Chrome, Settings, Sign in, Advanced sync settings. Select 'Choose what to sync' and clear the Passwords option.

Next, click the Show advanced settings... link to reveal hidden (but very important) options.
Google Chrome, Settings. To display hidden options, click 'Show advanced settings'.

In the Privacy section, click the Content settings... button.
Google Chrome, Settings, Privacy. Click the 'Content settings' button.

Google Chrome Content Settings window opens.
Those extremely privacy-concerned, can activate the Keep local data only until I quit my browser and Block third-party cookies and site data options.
But remember, some sites may not work properly if using these options - never enable the settings above in case you are using two-factor authentication schemes, such as those on Gmail, Yahoo and Facebook! If you are, enable only the Allow local data to be set (recommended) option here!
Google Chrome, Settings, Content Settings, Cookies. Select the 'Keep local data only until I quit my browser' option.

Scroll down to Plug-ins section. The Click-To-Play feature prevents all active plug-ins, such as Adobe Flash Player or Java from running content automatically. The main purpose of this feature is to prevent drive-by-attacks that use hidden frames to infect computers. If this feature is enabled, you'll see a Click to run plug-in button instead of such content.
If you want to use this protective measure, and you do not mind extra clicks for enhanced security, select the Click to play option. For lazy users, the default Run automatically (recommended) option is mostly fine, too.
Google Chrome, Settings, Content Settings, Plug-ins. Select the 'Click to play' option if you do not want plug-ins to run automatically. Google Chrome, 'Click to play' turned on. Use the 'Click to run plug-in' button to see contents.

As common in any browser, disable pop-up windows (read: annoying ads Tongue Out) by choosing the Do not allow any site to show pop-ups (recommended) option in the Pop-ups section. To exclude some sites from pop-up blocking, use the Manage exceptions... button.

To disable location tracking (geolocation), enable the Do not allow any site to track your physical location option in the Location section. You do not need to show sites or people where you currently are - you might accidentally reveal too much personal data this way. In case you do want to give a specific site access to your location data, click Manage exceptions... button and add the site address to the list.

Desktop Notifications feature enables web sites and extensions pop up windows with messages even when Google Chrome window is not active. The most innocent example of the notifications is the GMail new mail alert - you'll see a message whenever a new mail arrives in your GMail mailbox (if you have one). But this might go much further with intrusive messages filling your Windows desktop while visiting a malicious web page. To disable Desktop Notifications completely, select the Do not allow any site to show desktop notifications option. If you sometimes need the feature, select the Ask when a site wants to show desktop notifications (recommended) instead.
Google Chrome, Settings, Content Settings. In Location section, select 'Do not allow any site to track your physical location'. In Notifications section, select 'Ask when a site wants to show desktop notifications'.

In the Mouse cursor section, select the Ask when a site tries to disable the mouse cursor (recommended) option. Most sites should not be allowed to hide the pointer.

Protected content section allows turning unique identification features on or off. If your privacy is more important than ease of access to content services, clear the Allow identifiers for protected content check box. If not, you can safely keep this one ticked.

In the Media section, use the Ask when a site requires access to your camera and microphone (recommended) option if you play interactive games or do video/audio communication. Those very cautious can select the Do not allow sites to access your camera and microphone option to disable the feature completely.
Please note that since Chrome 26, Adobe Flash Player settings for Chrome are handled at this Macromedia web page. For all other browsers, follow instructions in the Securing Adobe Flash Player article.
Google Chrome, Settings, Content Settings. In Mouse cursor section, select 'Ask when a site tries to disable the mouse cursor'. In Media section, activate the 'Ask when a site requires access to your camera and microphone (recommended) options.

The recommended setting in Unsandboxed plug-in access section, Ask when a site wants to use a plug-in to access your computer is fine, but those who need enhanced security can select the Do not allow any sites to use a plug-in to access your computer option.

In the Automatic Downloads section, leave the Ask when a site tries to download files automatically after the first file option selected. This means that malevolent sites and scripts cannot send files to your computer without you knowing about it first.
Finally, click Done to close the Content settings window.
Google Chrome, Settings, Content Settings. In Unsandboxed plug-in access section, select 'Ask when a site wants to use a plug-in to access your computer'. Then, in Automatic Downloads section, make sure the 'Ask when a site tries to download files automatically after the first file' option is chosen. Click OK.

Back in Privacy section of Settings tab, make sure that Enable phishing and malware protection and Send a "Do Not Track" request with your browsing traffic are checked. The first one will keep you away from malicious sites and downloads, the second one will prevent some usage tracking by advertisers. You can also help Google in identifying malicious downloads by turning on the Send suspicious downloaded files to Google option.

Those very concerned about their privacy can clear the following check boxes to minimize usage tracking:

  • Use a web service to help resolve navigation errors,
  • Use a prediction service to help complete searches and URLs typed in the address bar or the app launcher search box,
  • Predict network actions to improve page load performance,
  • Use a web service to help resolve spelling errors,
  • Automatically send usage statistics and crash reports to Google.

Please note that enabling the "Predict network actions to improve page load performance" option can make Google Chrome very slow and even unresponsive while loading some pages. You might want to disable it at all times.
oogle Chrome, Settings, Privacy. Make sure that the 'Enable phishing and malware protection' and 'Send a Do Not Track request with your browsing traffic' check boxes are ticked.

In the Passwords and forms section, clear the Offer to save your web passwords check box. This is very important because malware can easily steal all user names and passwords for sites you have visited (including your bank!). Use free Password Safe for remembering user names and passwords instead.
Google Chrome, Settings, Passwords and forms. Disable the 'Offer to save your web passwords' option.

And finally, you can clear the Continue running background apps when Google Chrome is closed check box in the Background Apps section. This will close all apps with Chrome and, for example, prevent Desktop Notifications from GMail appearing while Chrome is not running.
The option is mainly meant for those who are very concerned about their online privacy.
Google Chrome, Settings, Background Apps section. To prevent Desktop Notifications from appearing after you close Chrome, clear the 'Continue running background apps when Google Chrome is closed' box.

The Use hardware acceleration when available option is up to you: on some systems it slows Chrome down to a crawl, on others it speeds everything up. Try it out for yourself.

The Reset browser settings button allows restoring original default settings if you've messed something up real bad. This is your last option in case Chrome is slow or crashes often.

That's it - close the Settings tab in Google Chrome.

Additional free security plugins for Google Chrome

To stay away from malicious sites and downloads, use WOT Safe Surfing Tool. It also shows site ratings in search engine results (Google, Bing, etc) and on Facebook and Twitter.

Use Trusteer Rapport (aka Trusteer Endpoint Protection) for securing your account data and money from data-stealing malware.

To protect Chrome from zero-day attacks, use the free Microsoft EMET. An even easier-to-use alternative for this is Malwarebytes Anti-Exploit.

Please support
No PayPal account required!

 Comments? Suggestions? Ideas? Let me know! 
Your name (public):
Your e-mail (will not be displayed):
Notify me of new comments to this item: (send e-mail to info[at] to stop receiving)
Your comments/suggestions/ideas (no HTML code!) owners reserve the right to remove or not publish comments that they find unacceptable because of strong language, inappropriate contents, advertising or spamming. Privacy Policy.
This is a captcha-picture. It is used to prevent mass-access by robots. (see:
Share: Facebook Google+ Twitter LinkedIn StumbleUpon Pinterest E-mail

Browser and plugin check Google Custom Search Donate to keep this site running