After Spectre and Spectre NG (Spectre Next Generation), whose exploits leaked passwords and other data from memory, one might have mistakenly thought that NG would be the last of the related security vulnerabilities.
Dr Christian Rossow published a paper detailing a new ‘inverse’ predictability attack. The security flaw relates to the return address, which the CPU predicts as a runtime optimization. If a malicious actor manipulates the prediction, then access to the running program is granted. A practical example would be a website executing JavaScript and gaining access to the web browser (passwords, memory, clipboard, etc.).
The paper is available as a PDF here: https://christian-rossow.de/publications/ret2spec-ccs2018.pdf