IMO, The media response to the flaw is vastly overblown, which is about what you can expect for any security-related issue.
"Meltdown" is a security issue related to speculative execution on Intel Processors which (allegedly) dates to the Pentium Pro and affects all x86 processors save certain Atom chips. It allows local processes, by carefully manipulating their specific Assembly instructions and use of the CPU cache, paired with tight timing (it is a race condition, after all) to possibly read small segments of memory from areas within the process address space that they would typically be restricted from accessing.
Spectre is a related vulnerability which is largely the same but doesn't allow directly reading information but allows otherwise restricted information to be "guessed" based on specific timings of page faults under certain instructions.
As far as I can tell, both exploits require the ability to execute direct machine code- eg Local Machine access, so the attack surface is not particularly wide. Of course, a vulnerability in a web browser which allows a piece of javascript to "escape" the sandbox and run arbitrary assembly code might be able to read restricted memory addresses....
But then we also have ASLR, which randomizes the Address Space Layout of processes in largely unpredictable ways. And the process is incredibly slow to read these areas of memory as the turnaround time is rather long (for software) and the throughput is small. You would have to no precisely where to look for something to get anything that was particularly valuable/secure.
There are claims that this will allow free access, via Javascript, to all of your physical Memory; or that it will allow malicious websites to steal SSL certificates and signing keys. But it only allows access within the same process address space and things like SSL certificates and signing keys aren't usually kept in Kernel memory anyway- a javascript exploit that allows you to read the process memory of the browser normally doesn't really need an exploit to run amuck.
And it's unclear how ASLR might factor into this, as well. It seems like at best it will make the segments of data that are from privileged areas of memory that are accessible to user-mode code through the vulnerability unpredictable.
Personally I think the media response is the same old security circus they make about every "security issue" the only real winners are the vendors of security software, who get more customers because everyday users have been frightened by the idiotic coverage. The fact that infecting your typical user typically requires nothing more than a readme file saying to shut off their AV and to run it as administrator, and certainly doesn't require some elaborate, complicated CPU security flaw that requires assembly language and tight timings to pull off.