The last few days at least 4 major vulnerabilities for Flash were revealed, as part of the leaked files from the Hacking Team compromise.
If you hadn’t done it before, now would be a great time to configure Chrome to not automatically play flash, but require a click-to-play action. The alternative would be to completely uninstall Flash, but that may not always be desirable if you consume content that still requires Flash.
Enabling the click-to-play is easily configured.
Click-to-play in Chrome
First, go to the settings page, either via the menu in the upper right or by typing
chrome://settings in the address bar.
Search for plugins in the search field and click on Content Settings.
Once in Content Settings, scroll down until you reach the Plugins section and chose the third option, Let me choose when to run plugin content.
Now whenever you reach flash content, you will be required to activate the plugin first by ctrl+click on the plugin area.
Alternatively, you can enable plugin content again by clicking the little icon in the right-hand side of the address bar.
Click-to-play in Safari
Thanks to Chris for the explanation, here’s how to do it in Safari.
For safari open Preferences and on the Security Tab open “Website Settings” next to “Internet Plugins”. They set the option “When visiting other website” to “Ask”.
Click-to-play in Firefox
Thanks to Jan for this heads-up. Here’s how to activate the “click to play” in Firefox.
In Firefox, go to Tools and Add-ons, then navigate to Plugins in the left-hand menu.
Go to the Flash plugin and change the dropdown on the right to “Ask to activate”.
If you hadn’t done so already, these recent security exploits for Flash should motivate you to enable click-to-play for browser plugins as soon as possible.