There are specific issues with cloud based machines, but it affects all systems just like spectre. There are a few vectors, some are not cloud specific.
Whether cloud or not, the exploits require hostile code running on the processor. Of course it is possible to download hostile javascript and people do that all day long. But there is always a question whether the javascript engine allows enough control over memory reading to complete the exploit. Also such attacks are relatively easy to block, not just turning off javascript, but limiting it, or even just switching browsers.
In contrast, the code running on virtual servers in the cloud has a lot more power and flexibility to carry off one of these attacks.