Polish security researchers have uncovered a security vulnerability which they claim leaves up to a billion PC and Mac users at risk.
The vulnerability is in the Java software used with web browsers such as Firefox, Chrome, Safari and Internet Explorer.
The bug allows cyber criminals to hijack PCs running Java, and potentially install malicious software at will. It is currently 'unpatched', which means that anyone using Java, which is commonly used on the web, is potentially at risk.
At present, there is no downloadable 'fix'. Users can stop their browser using Java, or uninstall it, but this may cause some websites and services to stop working. As yet, though, there are no documented cyber threats that exploit the vulnerability.
The vulnerability affects all versions of Java software.
The researchers, from Security Explorations, managed to bypass 'sandbox' protections to take control of PC systems.
Their findings have been forwarded to Oracle, makers of Java.
"The impact of this issue is critical - we were able to successfully exploit it and achieve a complete Java security sandbox bypass," says Adam Gowdiak, who posted the news to the Full Disclosure security mailing list. "One billion users of Oracle Java SE software are vulnerable to yet another security flaw."
So far, no cyber criminals have taken advantage of the flaw. Earlier this year, criminal gangs took advantage of previous 'exploits' in Java to mount cyber attacks.
Norton's senior manager for security response, Orla Cox, said that a Far Eastern gang of criminals called 'Nitro' used a previous Java exploit to mount attacks.