#TIL that Chrome now has a built-in plugin-blocking feature, so I can uninstall that Flash-block extension.

Settings > Under the Hood > Content Settings... > Plug-ins

I chose "Block all" rather than "Click to play". I can still unblock a particular instance by right-clicking on it and choosing to unblock, or unblock a whole page using the icon that appears on the right side of the address bar when any plugin is blocked. "Click to play" is slightly more convenient, but is theoretically vulnerable to clickjacking attacks. (That is to say, a malicious web site that is exploiting a vulnerability in Flash would merely need to trick you into clicking somewhere on the page to enable the plugin. Tricking you into choosing an option from a context menu is much harder.)

The web is so much nicer with Flash off by default... not to mention more secure.

Note that blocking plugins will break some sites in weird ways, so if a site is mysteriously not working right, you may need to try un-blocking plugins. Don't enable this setting on a non-tech-savvy user's computer.

(Tip found in +Peter Kasting's long post about Chrome security.)
Shared publiclyView activity