No fix available for critical flaw that’s been under attack since last week.
Category: plugins
It will be removed some time after the release of Java 9.
The Netscape-era NPAPI is now off by default in Chrome 42.
Even Oracle’s “high” security mode can’t mitigate latest exploits.