You started this thread to warn about the risks of running untrusted JavaScript before the appropriate mitigations are in place, yet you expect people to open a PDF from misc0110.net with no additional context?
Its actually the page of one of the researchers (Michael Schwarz) who found the javascript keystroke timing attack (which is in the paper in the link).
He is also one of the authors of the Meltdown/Spectre CPU Attack papers so the document is actually worth reading
The link goes to a site with a spammy-looking domain, and there's no reason to assume a URL with .pdf at the end is actually a PDF. There's nothing stopping the server from serving a malicious JavaScript file instead.
Assuming it's safe based on available information is very bad. Even your comment isn't enough because you could be working with someone to drive people to a malicious link.