CVE-2023-29354: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) was found to contain a Security Feature Bypass Vulnerability, identified as CVE-2023-29354. The vulnerability was discovered and reported to Microsoft, with the initial CVE record being created on April 4, 2023. The vulnerability affects Microsoft Edge (Chromium-based) versions up to (excluding) 113.0.1774.35 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.7 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction. The scope is changed, with low impact on integrity and no impact on confidentiality or availability (NVD).

The vulnerability, being a Security Feature Bypass issue, could potentially allow attackers to circumvent security features implemented in Microsoft Edge. The CVSS scoring indicates that while the vulnerability has a network attack vector, its impact is primarily limited to integrity-related concerns, with no direct impact on system confidentiality or availability (NVD).

Microsoft has released a security update to address this vulnerability. Users are advised to upgrade to Microsoft Edge version 113.0.1774.35 or later to mitigate the security risk. For Gentoo Linux users specifically, the fix is available in Microsoft Edge version 113.0.1774.50 or later (Gentoo Advisory).