[ashleyn]

Sounds like it's time for me to give up on the so-called "modern web" and install noscript.

[yorwba]

You can have both "modern web" and block most JavaScript. You just need to keep adding scripts to the whitelist until sites you trust work again. It's a bit arduous at first, but possible to get used to once everything you visit daily has been added.

[meepmorp]

Unless, of course, the site you trust is hosted in a shared hosting VM which is also vulnerable to spectre or meltdown. In which case, you can’t trust the scripts.

[XR0CSWV3h3kZWg]

spectre can read, not write.

[meepmorp]

If I can read arbitrary data, what’s stopping me from reading the credentials I need to write data?

[anfilt]

What if I read the sites TLS/SSL keys? I could MITM the connection and inject JS to do more malcious thing.

Or even easier get the ssh key for the VM. Then do what ever I want.

[dtparr]

If it can read the right data (private keys, etc.), then it can write whatever it wants.