Having read El Reg's pretty good article [ http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ ] I would just take issue with the suggestion that the vulnerability could be breached by Javascript (malign code in e.g. a jpg maybe, but not just javascript in a browser). Putting on my very battered old security consultant's hat I would say it's time to evaluate actual risk on a per situation basis: If you are a company that has foolishly put the family jewels on someone else's computer because you believed in Clouds - then hope that someone up in the clouds can fix it! If you are running heavily VM'd in-house then look out for your own villains and try to air-gap your internet facing servers. If you've got a home PC don't worry about state-level actors - if they want you they'll get you. Oh but don't let your browser remember important passwords, and try to remember to switch off each time after doing your online banking.