CVE-2023-29345: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) was found to contain a Security Feature Bypass Vulnerability, identified as CVE-2023-29345. The vulnerability was discovered and reported to Microsoft Corporation, with the CVE record being created on April 4, 2023, and publicly disclosed on June 7, 2023. This security issue affects Microsoft Edge versions up to (but not including) 114.0.1823.37 (NVD, CVE).

The vulnerability has been classified with a CVSS v3.1 Base Score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The weakness has been categorized as CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The vulnerability could potentially lead to security feature bypass in Microsoft Edge (Chromium-based). Based on the CVSS scoring, it has low impact on both confidentiality and integrity, with no impact on availability. The vulnerability requires user interaction but can be exploited remotely without requiring privileges (NVD).

Microsoft has released a security update to address this vulnerability. Users are advised to upgrade to Microsoft Edge version 114.0.1823.37 or later. For Gentoo Linux users, the vulnerability was addressed in version 120.0.2210.61 of the www-client/microsoft-edge package (Gentoo Security).