From the linked article: "While the data stored in the cache is protected by virtual memory mechanisms, the metadata about the content of the cache, and hence the memory access patterns of processes using that cache, is not fully protected."

=> And this metadata seems be used to get to the keys/passwords from sibling processes: with memory-access time measurements for known crypto implementations...

You misread the explanation. Data from another process is in the cache, but your process can't access it (due to virtual memory protection). But you can still extract side-band information by measuring the cache latency.