The Department of Homeland Security says despite some fixes to Java, it continues to recommend users disable the program in their Web browsers, because it remains vulnerable to attacks that could ...

A recent Java 7 update allows users to completely prevent Java applications from running inside browsers or to restrict how Web-based Java content is handled by the Java Runtime Environment client.

This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox." ...

WebAssembly JVM promises to run ‘very large’ unmodified Java applications in modern browsers without plugins or a Java installation.

Oracle's new customer warnings are aimed at users of Java Web browser plug-ins, educating users about risks associated with older versions of Java and with uncertified Web-based apps.