Computer security experts are warning about a new vulnerability involving the Java plug-in, which allows programs to be run inside a web browser.

Oracle, the creator of Java, has long been criticized for allowing security exploits in its software to go unchecked.

The latest vulnerability, which has been circulating since last week, could allow hackers to gain access to a user’s computer with a so-called “drive-by download.”

While surfing the web, a user may be prompted to accept an legitimate-looking download, which triggers an attack. Hackers can sometimes also force a user to download a damaging file invisibly without their knowledge.

Experts suggest users should uninstall Java unless they find it absolutely necessary based on their regular web browsing habits.

If some of their most-visited websites require Java in order to operate properly, users can turn it on as needed and then disable it the rest of the time.