CVE-2023-21794: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) was found to contain a spoofing vulnerability identified as CVE-2023-21794. The vulnerability was discovered and reported to Microsoft in December 2022, as indicated by the record creation date of December 16, 2022. This security flaw affects Microsoft Edge versions prior to 110.0.1587.41 (NVD, Microsoft Advisory).

The vulnerability has been classified with a CVSS v3.1 Base Score of 4.3 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is categorized under CWE-290 (Authentication Bypass by Spoofing), indicating its potential to be exploited for spoofing attacks (NVD).

The vulnerability could allow an attacker to perform spoofing attacks against users of Microsoft Edge. While the impact is rated as low for integrity (I:L), there are no direct impacts on confidentiality (C:N) or availability (A:N) of the system (Microsoft Advisory).

Microsoft has released a security update to address this vulnerability in Microsoft Edge version 110.0.1587.41 and later versions. Users are advised to upgrade to the latest version of Microsoft Edge to mitigate this security risk (Microsoft Advisory).