Re: A simple mitigation
When untrustworthy JavaScript has to be executed - do it in a VM running a Linux Live CD (no persistent storage) - kill the VM after using the site. This will protect against the majority of JavaScript nasties (but not Spectre/Spoiler/Meltdown unfortunately).
If you need maximum possible security - use a separate PC with no hard disk running from a Linux Live CD and shut it down after visiting the suspect site. (Inconvenient as hell but immune to all known software nasties.)