What is the exposure really? If I go home and watch youtube all night, my yt password might be exposed? Assuming MS and Google don't just automatically load up all my passwords in memory. They probably do...
Anything that's in memory can be read if someone manages to run code in userspace, the latter typically not being considered high risk. When you visit a website, this happens all the time. This vulnerability means malicious people can intercept any password, like your administrator password, encryption passwords and keys, SSL keys, you name it. In fact, they can intercept anything they want, but it makes more sense to go for short snippets of valuable data that give access to the other data. They can help themselves to everything that keeps the internet, your data and your money safe. You use encryption all the time without even realizing it, like when you browse this website. Our modern world is literally built on the protection this grants us and that protection is potentially gone. Obviously, with your passwords being exposed, you can then completely own a system and all the data on it.
At the same time, we shouldn't overstate the reach of this vulnerability. It doesn't mean attackers can take over your system without executing code on your side and it also doesn't mean they can just alter data or take over a system directly. That can be a consequence of what they learn, but the primary issue is that data that is supposed to be inaccessible and secret can be recovered and funnelled away.
When you know this, you might also understand why people are so worried about enterprise and cloud environments, where many customers often share the same underlying hardware thanks to virtualization. It means that a fully patched and completely up to date server can be attacked by code run on another virtual server sharing the same hardware, recovering passwords, databases, encryption keys and more. This is the primary worry everyone has, as it's how almost the whole internet is constructed. Only after that there are worries about individual systems. When criminals can't attack well maintained servers, they might very well attack much less well maintained computers at home.
However, with the flaw being in the hardware and not in the software it seems we might be able to mitigate the risk, but experts aren't sure it can actually be made safe without changing the hardware. Obviously, changing all the hardware in the world isn't done overnight, and isn't very economically and logistically feasible. We're still learning about the vulnerabilities, so it may turn out to be workable in the end or we may discover that we really do need to replace everything eventually to be completely safe.
If this were just about your Youtube password being exposed, we wouldn't have heard about it.