Spectre's a bit different IMHO because while it could be exploited to leak data, it was more like discerning info through instrumentation.
That's true, but I'd still class it as a bug ... except maybe on a CPU that could be guaranteed never to be asked to run any software that had anything to do with security of any kind ... if such a thing exists.
The people who make chips that are designed for security understand about things like side channel timing attacks and design the hardware so that every execution path runs in the same time, so timing attacks can learn nothing.
This is not new in, for example, smartcard designs. Attacks of this type were carried out in the wild on smartcards designed 30+ years ago -- measuring the length of time taken to verify a PIN, for example. Some cards stopped processing the check after the first wrong digit, so you could tell how many leading digits of the PIN were correct by seeing how long the check took.
This has led to an awareness of these problems in those designing chips for security, and newer chips are designed to defeat such attacks. Spectre is a result of designers of general-purpose CPU chips thinking that their products don't need that level of security, which is demonstrably false.