Yea I don’t have it for chrome either. There’s a setting in chrome which allows you to click to enable plugins. I use this for two reasons, annoying flash ads are blocked and security reasons like this.
The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself.
In the form in which it was discovered, the exploit only works on Windows machines, because the payload that it downloads is a Windows executable. But the hackers behind the Metasploit penetration testing software say they have studied the exploit and found that it could just as easily be used to attack machines running Linux or Mac OS X, given the appropriate payload.
Exploiting Java, Through Java, Without Java.
Seems legit. I asked my computer science teacher and my highschools server manager about this. Basically its bullshit.
After seeing that second one you posted I can see how its real.
According to Symantec: "The vulnerability consists of a privilege escalation due to a class that allows access to protected members of system classes, which should not be accessible. Because of this, malicious code can bypass the restrictions imposed by the sandbox and use the 'getRuntime(0.exec()' function."