The browser plugin is just the attack vector.
The security flaw (or flaws, because
another has been found) exists in Java whether you use it stand-alone or via a browser plugin.
To be able to affect people who do not have the plugin installed you would need to get them to download the JAR file containing the exploit and run it locally, which while not impossible is a lot harder to do compared to hosting the exploited code on a website and sending people a link to it.