
Yeah, he should really turn mitigations on, so that when running arbitrary code from the internet he can be subject to 9999 vulnerabilities, instead of 10,000.


There are many kinds of vulnerabilities. Most are pretty mundane afaict. Breaking sandboxes and reading out your entire RAM is basically game over, existential vulnerability (second only to arbitrary code execution, though it can give you SSH keys I guess).

The mitigating factor is actually that you don't go to malicious websites all the time, hopefully. But it happens, including with injected code in ads and the like that may be enabled by secondary vulnerabilities.


I challenge you to name another readily available "read arbitrary RAM from userspace"[1] vulnerability.

[1] Not even including "potentially exploitable from JavaScript", which Spectre was. It's sufficient if you name one where an ordinary userspace program can do it.


Can't you trivially do this with 4 lines of C?


Only if you already have the ability to read arbitrary RAM. So running in kernel/hypervisor mode.

The exploit is being able to do it from usermode through an API (browser/JS) that normally forbids that.

Userspace can only access its own memory, rather than the whole system's.


Userspace processes can only read their own memory, or what has been shared with them.
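The isolation described in the comments above is enforced by the kernel per page: a process can only touch addresses that are mapped into its own address space with suitable permissions, and any other access is refused with a fault. The following C program is an added illustration of that boundary and is not code from the thread. It maps one readable page and one `PROT_NONE` page, attempts a one-byte read from each, catches the resulting `SIGSEGV` (or `SIGBUS` on some platforms) with `sigsetjmp`/`siglongjmp`, and reports which reads the kernel allowed. The function names `try_read_byte` and `page_protection_demo` are this example's own.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Jump target used to recover from a memory-access fault. */
static sigjmp_buf fault_jmp;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

/* Attempt to read one byte at addr into *out.
 * Returns 1 if the kernel allowed the read, 0 if it faulted (SIGSEGV/SIGBUS). */
int try_read_byte(const volatile unsigned char *addr, unsigned char *out) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER; /* allow a second fault to be caught too */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int ok;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        *out = *addr; /* faults if the page is not mapped readable */
        ok = 1;
    } else {
        ok = 0;       /* landed here via siglongjmp from the handler */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

/* Maps one readable page and one PROT_NONE page and tests both.
 * Result bit 0: the readable page was readable (expected).
 * Result bit 1: the PROT_NONE page faulted (expected).
 * Returns 3 when the kernel enforces protections as expected, -1 on mmap failure. */
int page_protection_demo(void) {
    long ps = sysconf(_SC_PAGESIZE);
    unsigned char *rw = mmap(NULL, (size_t)ps, PROT_READ | PROT_WRITE,
                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    unsigned char *none = mmap(NULL, (size_t)ps, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (rw == MAP_FAILED || none == MAP_FAILED)
        return -1;

    rw[0] = 0x42; /* constructed sample value */
    unsigned char b = 0;
    int result = 0;
    if (try_read_byte(rw, &b) && b == 0x42)
        result |= 1;
    if (!try_read_byte(none, &b))
        result |= 2;

    munmap(rw, (size_t)ps);
    munmap(none, (size_t)ps);
    return result;
}

int main(void) {
    int r = page_protection_demo();
    printf("readable page:  %s\n", (r & 1) ? "read ok" : "read FAILED");
    printf("PROT_NONE page: %s\n", (r & 2) ? "refused by kernel (fault)" : "read succeeded?!");
    return r == 3 ? 0 : 1;
}
```

The `PROT_NONE` page stands in for any address the process has no mapping for; the same fault path is what stops an ordinary userspace program from reading memory belonging to the kernel or to another process, which is why the Spectre family of issues mattered: it leaked data across that boundary without a mapping ever being granted.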


So how do programs like Cheat Engine and WeMod work on Windows? They don't request an administrator password, and I can tamper with any process's memory I've tried, including firefox.exe and the like.

https://cheatengine.org/

https://www.wemod.com/



