Spectre and Meltdown have been in the news lately, in addition to OS manufacturers browsers are attempting to mitigate the issue. It is actually possible to take advantage of the exploit via JavaScript.

I’m harvesting credit card numbers and passwords from your site. Here’s how.
There is a lot of sarcasm in this post, but it is a good thought experiment on security. Between NPM dependencies and everything an attacker could execute code on your site more easily than one would hope.