Hadn't heard of it actually, but side channels have been an issue in browser security for a long time.

Spectre caused a lot of changes in JS like disabling high precision clocks. But I'm afraid clock proxies are everywhere. The API surface is gigantic and all you need is a single call that reliably executes in constant time on the samr thread