Spectre vulnerability can be used to exfiltrate cross-origin data from any website. The vulnerability in affected CPUs has to do with speculative execution, which in certain situations can leave behind observable side-effects and result in data leakage to the attacker. All the attacker needs is a way to execute exploit code in the same executing context as other JavaScript handling sensitive data. The attacker could use the web supply chain, for instance, presenting itself as a useful library so that victims voluntarily add it to their webpages.
Source: https://www.helpnetsecurity.com/2021/03/25/spectre-vulnerability/