In Chrome all you have to do is open up the Settings menu and go to “Under the Hood > Content settings…”
Scroll down to Plug-ins and set it to “Click to play.” Chrome’s options don’t have a save button, so as soon as you make changes they will apply.
Additionally, you can completely disable or enable specific plugins on an individual basis.
Now whenever a website tries to use a plugin, it will require that you click it in order to run.
Granted, there’s always more you can do when security is concerned however this is a nice and easy tip to put one more layer between you and the bad guy.