Is that why you think everybody is scrambling to patch operating systems, drivers and browsers? Just so they can watch how the patches have no significant impact on system security anyway?
Mozilla
patched Firefox since they feared exploits could be found to take advantage of these vulnerabilities: just JS code from a compromised web server, no initial malware deployment necessary.
Impact on who? Cloud providers and servers yes. Consumers? Much less and exactly because browser have been patched and I use a script blocker anyway.
Perhaps we need an explanation of why home users need to worry about this?
Other than applying whatever patches come out, and maintaining our anti-virus software, I'm not sure what we can do about it anyway?
I'm 100% certain I will get nothing other than the MS W10 patch.
I will be shocked if I get a BIOS update out of ASUS.
I doubt I will get a microcode update, although that may have been with the MS W10 patch. I have no idea, really.
First off security experts advise against using anti-virus because these programs are attack vectors themselves.They are far from secure.
Most antivirus software is like giving yourself cancer so you don't catch a cold.
Why home users should not worry? Because there are 1000th of simpler methods to get your money directly or by stealing passwords. And money is all the hackers really care about. Cast a wide, simple net and something will stick in it.
For example read
this story. Yeah fictional but plausible and doesn't require deep CPU architecture knowledge. It's pretty simple and effective. I mean the guy that found Spectre had been working on this since 2005 or 13 years. he is basically the sole expert on this.
And the main point applies. If you follow safe-practices you avoid getting malware in the first place. If i can install malware on your PC, i can install a key-logger like and kid could and get your passwords. Once you are at the point that someone can install malware / run their code on your system, all bets are off.
Yes, the fact that this could be done via JavaScript (browser) is a huge issue but that has been fixed. To get affected by this you need the malware installed and changes of catching ransomware or a keylogger s just a lot higher.