Basically, it seems to allow programs to access memory that they shouldn't be able to access, so malware could potentially do things like read passwords and encryption keys that are supposedly 'safely' stored inside the operating system where no application should be able to read them. From what little that's been released, it seems to be a problem with the way Intel CPUs will execute instructions and then throw the results away if it later turns out that the instruction wasn't meant to be executed (including if it's trying to access memory that it wasn't allowed to access).
And, given the rush to fix it, it would appear to be a serious problem.
On the plus side, the fix is unlikely to have much impact on normal desktop users. But could be a big performance hit on servers, particularly those running VMs (aka 'the cloud! the cloud!').
However the bug may work, someone claims to have been able to use it to read memory in one VM from another. Which means malware on a 'the cloud!' server could read data from any other VM running on the same server. Of course, they may just be making it up, since few people actually know what the bug is right now.