The bug was discovered by Tal Ater and reported to Google on September 13th. On September 24, a patch which fixes the exploit was completed, and three days later the find was nominated for Chromium’s Reward Panel.
Unfortunately, despite having the patch, Google hasn't released it yet. Reportedly, the delay is due to ongoing discussion within the Standards group who have yet to agree on the correct behavior.
Ater has now released his findings publicly in hopes that Google will release the fix to the public.
Here's how the speech recognition bug works.
When you click the button to start or stop the speech recognition on the site, what you won’t notice is that the site may have also opened another hidden popunder window. This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn’t even know was there.
To make matters worse, even if you do notice that window (which can be disguised as a common banner), Chrome does not show any visual indication that Speech Recognition is turned on in such windows - only in regular Chrome tabs.
You can see a demonstration of the how the bug works in the video below...