Bech32 detects up to 4 errors (in the sense that, if you make up to 4 substitution errors, the resulting string is guaranteed to have an incorrect checksum). But error detection is not the same as error locating: just knowing that a bech32 is incorrect does not mean you can tell where the errors were made.
Bech32 also allows correcting up to 2 substitution errors. That is, if you know no more than 2 substitution errors were made, you can for any given string compute what the original, valid, string was. The javascript code on the website you link to has code to do this, but for safety reasons, it intentionally does not reveal what errors it found, only where.
The reason is that correcting is dangerous. If the user made more than 2 substitution errors, the error correction algorithm may well still find two errors to “correct”, in the sense that it’ll construct a valid address, but it will not be the user’s address. An inattentive user may well just make the corrections suggested by the algorithm, and send funds into the void. Instead, the correction algorithm is still used under the hood, but only the location of its errors is revealed, forcing the user to still go check whether primary source they received the address through, but perhaps with extra focus on the particular locations the algorithm believes are the likely positions errors were made.