by peak_body_yo 3380 days ago
> Argon2 KDF and ChaCha20 as a cipher

Are these a huge improvement from what was offered previously?

1 comment

Before, they were using a custom AES-based key derivation function which had not been strongly peer reviewed, so Argon2 is a big improvement there in my book.

ChaCha20 over the existing AES-CBC... not as much. I feel more comfortable in that it's harder to screw up the implementation of it, but that's about it. CBC mode especially can have unexpected side effects unless used very carefully; ChaCha20 or any other strong stream cipher, even AES in CTR mode, is somewhat easier to understand the side effects of.

So overall, not concretely in terms of known vulnerabilities, but in terms of predicted risks, I'd say certainly. Before this change I was erring on the side of known algorithms, with solutions like LastPass at least using standardized PBKDF2. With this change, KeePass went from behind or middle of the pack, cryptographically compared to the competition, to the frontrunner.