The "branch history injection" hardware vulnerability

When Spectre first came out, I seem to remember one of my then coworkers establishing that it could be used to extract administrative passwords to the company's main production private cloud from an unprivileged VM on that cloud in minutes. I would not underestimate these things if I were you.