My QupZilla built from git in OBS without special patches is not vulnerable.
Final release of QupZilla was out about month ago. There wouldn't any new QupZilla releases. 2.2.6 is final. QupZilla is over, move to Falkon now. Anyway, both of them aren't vulnerable according to that site.
Some user has recently posted about spectre vulnerability in a portable qupzilla packaged by a third party https://github.com/QupZilla/qupzilla/issues/2638 . I went and searched about Meltdown and spectre; it seems desktop and laptop users are more vulnerable to this issue. This is what the link says
Is qupzilla vulnerable for these attacks and if yes, is there a patch available?