Meaning of crossOriginIsolated property

I've wondered what the crossOriginIsolated property is in browsers and why it is only true when the Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers are set. After diving into it I've come up with what I believe is the reason. But first allow me to give a little context.

The internet was taken by storm when two vulnerabilities, Meltdown and Spectre, that affected nearly all devices online were disclosed in early 2018. They are speculative execution attacks that let an attacker read memory belonging to another process and, consequently, exfiltrate data from it. Such an attack can be divided into two steps:

1. Leak private data into the CPU cache by speculatively executing a memory access the program would never have performed architecturally

2. Exfiltrate the data back to the attacker, typically by timing memory accesses to detect what the cache now holds

This is particularly dangerous for browsers, which constantly run untrusted JavaScript as you browse. Before any of this, your bank.com tab could run in the same process as attacker.com. The Same-Origin Policy (SOP) was the main defence against one site reading confidential data belonging to another, but it is enforced entirely in software: it restricts what the browser's APIs will hand to a script, not what memory is physically reachable from the process running it. Spectre bypasses the browser's checks and reads that memory directly, so anything sharing a process with attacker.com is exposed.
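To make the header requirement from the opening concrete, here is an added example (not code from the original post) that decides from a document's response headers whether a browser would treat the page as cross-origin isolated, and shows how page code should gate isolation-only features such as SharedArrayBuffer on self.crossOriginIsolated rather than on feature detection alone. It goes slightly beyond the post by spelling out which header values count: Cross-Origin-Opener-Policy must be same-origin and Cross-Origin-Embedder-Policy must be require-corp or credentialless. The sample responses are constructed for illustration.

```javascript
// Added example, not part of the original post. The header values that
// count as isolating follow the HTML spec's definition of a cross-origin
// isolated context; SAMPLE_RESPONSES below are constructed test data.

// COOP must place the document in its own browsing context group, so no
// cross-origin window can keep a reference to it (popups, opener, etc.).
// Only same-origin is treated as isolating here.
const ISOLATING_COOP = new Set(['same-origin']);
// COEP must forbid cross-origin subresources that have not opted in via
// CORP/CORS (require-corp), or strip their credentials (credentialless),
// so no cross-origin secret can be pulled into the renderer process.
const ISOLATING_COEP = new Set(['require-corp', 'credentialless']);

// Look up a header case-insensitively and keep only the first token, since
// values may carry parameters, e.g. `same-origin; report-to="default"`.
function headerValue(headers, name) {
  const key = Object.keys(headers).find(
    (k) => k.toLowerCase() === name.toLowerCase(),
  );
  if (key === undefined) return null;
  return String(headers[key]).split(';')[0].trim().toLowerCase();
}

// Returns { isolated, reason } for one document's response headers.
function isCrossOriginIsolated(headers) {
  const coop = headerValue(headers, 'Cross-Origin-Opener-Policy');
  const coep = headerValue(headers, 'Cross-Origin-Embedder-Policy');
  if (coop === null || !ISOLATING_COOP.has(coop)) {
    return { isolated: false, reason: 'COOP missing or not same-origin' };
  }
  if (coep === null || !ISOLATING_COEP.has(coep)) {
    return {
      isolated: false,
      reason: 'COEP missing or not require-corp/credentialless',
    };
  }
  return { isolated: true, reason: 'COOP same-origin and COEP isolating' };
}

// Client side: only trust the browser's own verdict. SharedArrayBuffer (and
// the high-resolution timer it can be turned into) is withheld unless the
// document is cross-origin isolated; checking the global alone is not enough
// because some environments expose the constructor without isolation.
function sharedMemoryAvailable(globalObject = globalThis) {
  return (
    globalObject.crossOriginIsolated === true &&
    typeof globalObject.SharedArrayBuffer === 'function'
  );
}

// Constructed sample responses (not captured from any real site).
const SAMPLE_RESPONSES = {
  isolated: {
    'Cross-Origin-Opener-Policy': 'same-origin; report-to="default"',
    'cross-origin-embedder-policy': 'require-corp',
  },
  onlyCoop: { 'Cross-Origin-Opener-Policy': 'same-origin' },
  onlyCoep: { 'Cross-Origin-Embedder-Policy': 'require-corp' },
  weakCoop: {
    'Cross-Origin-Opener-Policy': 'same-origin-allow-popups',
    'Cross-Origin-Embedder-Policy': 'credentialless',
  },
};

function classifySamples(responses = SAMPLE_RESPONSES) {
  const out = {};
  for (const [name, headers] of Object.entries(responses)) {
    out[name] = isCrossOriginIsolated(headers);
  }
  return out;
}

for (const [name, verdict] of Object.entries(classifySamples())) {
  console.log(`${name}: isolated=${verdict.isolated} (${verdict.reason})`);
}
console.log('shared memory usable here:', sharedMemoryAvailable());
```

Run with `node`; outside a browser, crossOriginIsolated is undefined, so the last line reports false even though Node defines SharedArrayBuffer. That asymmetry is the point: set both headers on the server, then gate on the property, not on the presence of the constructor.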
