It'd launch the browser app. You can have your evil page redirect to a benign page so it just looks like Chrome randomly opened or whatever. It is not as powerful as full network access as you can only send so much information in query parameters, but if you are doing some phishing or stealing sms 2fa codes or whatever then it is plenty to send back whatever payload you wanted to.
And of course basically every app requires internet permissions for ordinary behavior. The world where an explicit internet permission would somehow get somebody to look askance at some malware that they were about to download is just not believable.
And of course basically every app requires internet permissions for ordinary behavior. The world where an explicit internet permission would somehow get somebody to look askance at some malware that they were about to download is just not believable.