An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review.
https://gist.github.com/Brucewebva/ceb365b7cea0d0b8ec0ce6755177de83