So Spectre and Meltdown happened.
That was completely predicable, so much so that I, in fact, did predict that side-channel attacks, including those coming via javascript run in a browser, was the thing to look out for. (This was in the context of pointing out that pushing Wayland as a security improvement over plain old X11 was misguided.)
I recall being told that such attacks were basically nation-state level due to cost, complexity, and required target information. How is that prediction working out for you?