Here is the reason for updating GRUB.
See here for the original article in German: Grub 2: Acht neue Schwachstellen im Bootloader | heise online
Grub 2: Eight new vulnerabilities in the bootloader
The developers of Grub 2 have reported several vulnerabilities. Some of them can bypass Secure Boot again, which significantly complicates the update process.
A whole bunch of security patches is pending for the bootloader GNU Grub 2. While some of these are delivered via package updates in Linux distributions, the complete elimination of all eight reported gaps requires that signatures be revoked again in UEFI Secure Boot.
This approach sounds familiar; after all, it was necessary in the middle of last year for the “Boothole” bug in GNU Grub 2. But an updated revocation list of the vulnerable shims for the key database (DBX) is problematic, as the maintainer Daniel Kiper emphasizes in his message on the mailing list. In some cases, a fix for all gaps found is therefore currently not feasible on some systems, because then Secure Boot would no longer work at all, says Kiper.
A lengthy undertaking
The current update is intended to fix eight vulnerabilities. These were discovered in the course of a cleanup after “Boothole” in a major effort by three dozen external developers and the maintainers of the bootloader. At least some of the loopholes can be exploited to reload kernel modules without a valid signature despite an active Secure Boot. A detailed description of the individual gaps is provided by the announcement by Kiper.
If you want to fix this correctly, updating the faulty code is not enough. In addition, the signatures of the vulnerable versions must be at least partially blocked. However, this can mean that some systems can no longer start with Secure Boot.
There are already specific advisories from Debian, from Canonical for Ubuntu, from Red Hat and from Suse, which provide more specific information about the update process. All advisories emphasize that the thorough elimination of all gaps will be a lengthy undertaking in several steps and may also require rework by the administrators of the affected systems.
Therefore, we recommend reinstalling GRUB on your systems to apply all of these fixes.
If you dual-boot with Windows, you may want to restore the old behavior in which os-prober detects your other OSs besides Manjaro. To do that, simply open a terminal and issue:
echo GRUB_DISABLE_OS_PROBER=false|sudo tee -a /etc/default/grub && sudo update-grub
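The one-liner above appends a new line to /etc/default/grub each time it is run. As an added example (not part of the original post or of GRUB/Manjaro tooling), the shell function below writes the setting exactly once and keeps a backup; the name set_grub_default and the .bak suffix are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: set KEY=VALUE in a GRUB defaults file exactly once.
# set_grub_default is a hypothetical helper, not a GRUB or Manjaro command.
# /etc/default/grub is read as shell code, so the last assignment of a
# variable wins; stale duplicates make the effective value hard to audit.
set_grub_default() {
    key=$1
    value=$2
    file=${3:-/etc/default/grub}

    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    tmp=$(mktemp "${file}.XXXXXX") || return 1

    # Drop every active (uncommented) assignment of the key, keep
    # commented-out lines and all other settings, then add one clean line.
    sed -E "/^[[:space:]]*${key}=/d" "$file" > "$tmp"
    printf '%s=%s\n' "$key" "$value" >> "$tmp"

    # Nothing to change: leave the file and any earlier backup untouched.
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi

    # Keep a copy of the previous configuration, then overwrite in place
    # so the owner and permissions of the original file are preserved.
    cp -p "$file" "${file}.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage, as root, followed by the regeneration step from the post:
#   set_grub_default GRUB_DISABLE_OS_PROBER false && update-grub
```

Running it a second time leaves the file byte-for-byte unchanged, so it is safe to call from a provisioning script.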