Securing Google Chrome
Open Google Chrome options by clicking Customize and control Google Chrome button (three horizontal bars aka "hamburger", previously wrench icon) in the upper right corner and clicking Settings.
A new browser tab opens with Settings tab activated on the left.
If you synchronize your Chrome data and settings between different computers, click the Advanced sync settings... button.
In the Advanced sync settings window, select the Choose what to sync option from the top combo box and make sure you do not sync Passwords - a web browser should not be used to store these because any malware can easily steal the stored user names and passwords.
Next, click the Show advanced settings... link to reveal hidden (but very important) options.
In the Privacy section, click the Content settings... button.
Google Chrome Content Settings window opens.
Those extremely privacy-concerned, can activate the Keep local data only until I quit my browser and Block third-party cookies and site data options.
Most users should choose the Allow local data to be set (recommended) option here.
Some sites may not work properly after you enable the Keep local data only until I quit my browser option, especially the ones with two-factor/two-step authentication. Common examples of 2FA include Google services (YouTube, GMail, etc), Microsoft accounts, Facebook, LinkedIn, Twitter, etc. To prevent login troubles on such sites, click the Manage exceptions... button, input site names as instructed and choose Allow from the right. Click Done to apply changes - allowed cookies will be kept until they expire, or you choose to delete them manually.
Scroll down to Plug-ins section. The Click-To-Play feature prevents all active plug-ins, such as Adobe Flash Player or Java from running content automatically. The main purpose of this feature is to prevent drive-by-attacks that use hidden frames to infect computers. If this feature is enabled, you'll see a Click to run plug-in button instead of such content.
If you want to use this protective measure, and you do not mind extra clicks for enhanced security, select the Click to play option. Remember, the Manage exceptions... button allows you to specify sites where plug-ins are always allowed.
For lazy users, the default Run automatically (recommended) option is mostly fine, too.
As common in any browser, disable pop-up windows (read: annoying ads ) by choosing the Do not allow any site to show pop-ups (recommended) option in the Pop-ups section. To exclude some sites from pop-up blocking, use the Manage exceptions... button.
To disable location tracking (geolocation), enable the Do not allow any site to track your physical location option in the Location section. You do not need to show sites or people where you currently are - you might accidentally reveal too much personal data this way. In case you do want to give a specific site access to your location data, click Manage exceptions... button and add the site address to the list.
Desktop Notifications feature enables web sites and extensions pop up windows with messages even when Google Chrome window is not active. The most innocent example of the notifications is the GMail new mail alert - you'll see a message whenever a new mail arrives in your GMail mailbox (if you have one). But this might go much further with intrusive messages filling your Windows desktop while visiting a malicious web page. To disable Desktop Notifications completely, select the Do not allow any site to show desktop notifications option. If you sometimes need the feature, select the Ask when a site wants to show desktop notifications (recommended) instead.
In the Mouse cursor section, select the Ask when a site tries to disable the mouse cursor (recommended) option. Most sites should not be allowed to hide the pointer.
Protected content section allows turning unique identification features on or off. If your privacy is more important than ease of access to content services, clear the Allow identifiers for protected content check box. If not, you can safely keep this one ticked.
In the Media section, use the Ask when a site requires access to your camera and microphone (recommended) option if you play interactive games or do video/audio communication. Those very cautious can select the Do not allow sites to access your camera and microphone option to disable the feature completely.
Please note that since Chrome 26, Adobe Flash Player settings for Chrome are handled at this Macromedia web page. For all other browsers, follow instructions in the Securing Adobe Flash Player article.
The recommended setting in Unsandboxed plug-in access section, Ask when a site wants to use a plug-in to access your computer is fine, but those who need enhanced security can select the Do not allow any sites to use a plug-in to access your computer option.
In the Automatic Downloads section, leave the Ask when a site tries to download files automatically after the first file option selected. This means that malevolent sites and scripts cannot send files to your computer without you knowing about it first.
Finally, click Done to close the Content settings window.
Back in Privacy section of Settings tab, make sure that Enable phishing and malware protection and Send a "Do Not Track" request with your browsing traffic are checked. The first one will keep you away from malicious sites and downloads, the second one will prevent some usage tracking by advertisers. You can also help Google in identifying malicious downloads by turning on the Send suspicious downloaded files to Google option.
Those very concerned about their privacy can clear the following check boxes to minimize usage tracking:
- Use a web service to help resolve navigation errors,
- Use a prediction service to help complete searches and URLs typed in the address bar or the app launcher search box,
- Predict network actions to improve page load performance,
- Use a web service to help resolve spelling errors,
- Automatically send usage statistics and crash reports to Google.
Please note that enabling the "Predict network actions to improve page load performance" option can make Google Chrome very slow and even unresponsive while loading some pages. You might want to disable it at all times.
In the Passwords and forms section, clear the Offer to save your web passwords check box. This is very important because malware can easily steal all user names and passwords for sites you have visited (including your bank!). Use free Password Safe for remembering user names and passwords instead.
And finally, you can clear the Continue running background apps when Google Chrome is closed check box in the Background Apps section. This will close all apps with Chrome and, for example, prevent Desktop Notifications from GMail appearing while Chrome is not running.
The option is mainly meant for those who are very concerned about their online privacy.
The Use hardware acceleration when available option is up to you: on some systems it slows Chrome down to a crawl, on others it speeds everything up. Try it out for yourself.
The Reset browser settings button allows restoring original default settings if you've messed something up real bad. This is your last option in case Chrome is slow or crashes often.
That's it - close the Settings tab in Google Chrome.
Additional free security plugins for Google Chrome
To stay away from malicious sites and downloads, use WOT Safe Surfing Tool. It also shows site ratings in search engine results (Google, Bing, etc) and on Facebook and Twitter.
Use Trusteer Rapport (aka Trusteer Endpoint Protection) for securing your account data and money from data-stealing malware.