The exploit is conceptually simple. I mean, I would be probably able to implement it.
What it (meltdown, spectre is a bit different) allows you to do is to read ALL system memory, including memory of other applications and of OS kernel. Of course this is useless for attacker in a scenario where you use your computer just by yourself and work under user with admin privileges (then an application can already do that, maybe with one tiny UAC prompt 80% users would click "allow" on).
But it is devastating in multiple-user environments and in virtualization/cloud. You could read stuff from other people's accounts, admin passwords, ... Also, somebody already implemented the principle in javascript, so now websites can read memory from your browser including stored sessions for your other websites and your passwords (until you upgrade your browser to get fix, that is)