Computer security experts are warning about a new vulnerability involving the ubiquitous Java plug-in, which allows programs to be run inside a web browser.