It has a LOT to do with browsers and web. It has a lot to do with anything which runs a code downloaded somewhere from internet. Browsers with their java script engines are the first and the most easy target That is because the browsers run any java script from any hacked or malicious web site. Some email clients can interpret java script too. Disable java script in email client (if it executes it at all - most probably do not do it nowadays). Disable java script in browser or update the browser. It is recomended to use some ad blocker and preferably also something like uMatrix to limit the amount of malicious scripts your browser is running. This is a good idea not only because of Spectre/Meltdown.

In general, be careful about downloading and running executable (binaries) from web sources which you do not know to be reliable. But the point is that if you already do this then you have much more to worry about than Spectre and Meltdown. Spectre/Metldown are "only" information leaks. Running some random code from internet is potentially executing a malicious code directly. You need to care not only about Spectre/Meltdown but also about all the data accessible or modifiable to the account running the process as well as all the local privilege escalation bugs.