From what I've read, Java isn't banned from Chrome on OS X, but it doesn't work because OS X Java 7 is 64-bit only and Chrome is 32-bit only.

Some of those clients' security involves (among other things) firewalled private networks, biometric access controls overseen by armed guards, and a requirement to provide complete systems free of charge for several months of testing and auditing before any new software roll-out is approved. There is no such thing as easy and painless upgrades in that kind of environment, and that is by design. You don't exactly want the patient records in your healthcare systems or the performance monitoring tools with access to all of the traffic on your telecoms infrastructure or the card processing systems at your bank to be accessible on the public WiFi, after all.

These are the exact opposite of the kinds of places you would expect an untested Firefox update to show up. You are being inconsistent. Is it a tightly-controlled environment or not?

The environment in which these devices exist and the environment in which the machines used to access them exist are not necessarily the same. Obviously they will be connected in some way, but it is perfectly rational to want to apply security updates to staff computers that might encounter software or data from external sources but which might also be used to access in-house systems that are tightly controlled.

Yep, banned on OS X, kind of frustrating since I need to use Java for work occasionally, and when I click on the link and it redirects after opening in Chrome I need to go back, copy and paste the link into Firefox.