Opt Green: KDE Eco's New Sustainable Software Project

The browser is not alone, it works in concert with the kernel, and there are lots of tricks the kernel can use to mitigate these vulnerabilities (both between userspace and the kernel, and between the sandboxed JS process and the other browser processes) even without firmware help.

> Even at the OS level, these "mitigations" generally consist of completely disabling hardware features, usually with _severe_ performance impacts. If said features can even be disabled at all.

The main "completely disabling hardware features" mitigation is disabling SMT. Other than that, most non-microcode mitigations are AFAIK code to block speculation (or make it harmless) at key points, which does have some performance impact, but not severe enough to make the hardware unusable. If you can accept some performance degradation, you can have good enough security even after the hardware maker stopped support for that hardware.