When a browser ships an older Chromium version, its users are exposed to known, already-patched security vulnerabilities. Attackers actively exploit these flaws, since the fixes are public in Chromium's source but not yet shipped to users of the lagging browser.