The bugs, discovered by external security researchers and labeled as CVE-2023-48424, CVE-2023-48425, and CVE-2023-6181, pose a risk of supply chain interception, where hackers replace legitimate software updates with malicious versions.