Any app can open a webpage, it is the same basic URL that is used when you click a link on a webpage and is how you are able to browse the internet. Web browsers access several other webpages using URL's without any user interaction from clicking a link. The page is made up of pictures and content that may have come from several other URL's. You don't provide consent for each element of the webpage that loads from another location as you could be doing that 50 times just to view a single page. That is true for apps also. They use these same URL's to load remote content and can open a page with a URL.
Nothing bad happens when a web page opens and it is not a security concern. It is annoying and why the app developer gets paid top dollar for those ads. Some developers have an in-app purchase that they would prefer you would use to avoid ads altogether. They are going to get their money one way or another and will use ads as long as you continue to use their app. Your options are to complain to the developer of the app or quit using it altogether if you do not like their tactics. That choice is yours.
As for what else they are getting about your privacy. Nothing from the ad they have open in your browser. Any information they have is from what you have already given them, such as your financial details, purchases, or search history in the app. The ads that claim you have viruses are just trying to scare you into downloading software to fix a problem you do not have. Nothing unusual about those.
