As known from SAP note 980772: A Java browser plugin is required for performing upload and download of files and other operations which require access to local resources in SAP GUI for HTML.
This blog tells a bit more about a Java popup that appears in most recent JVM versions and a possible solution for it.
I am also sharing news about the removal of the NPAPI from Chrome.
Most recent JVMs brought more security to end users. Among the new features, a popup, asking whether you want to use a given applet:
This popup is mandatory, except if you install the certificate locally in each end user computer, using the keytool application from Java.
As this brings an extra effort to the network administration team, there is another possibility: create a deployment rule. If you are interested in such possibility, you can follow this documentation from Java.
Note that the solution does not depend on SAP, as this is a JVM security feature.
JVM in Chrome
Google is advertising the end of NPAPI in Chrome. This is planned to happen as of version 45 of the web browser. With this, you cannot use the JVM with Chrome.
SAP is working in a replacement for the Java applet, which is expected to be available later on this year. More information can be found in SAP note 2208040.