[Ultimate PDF Management] Security notice – Chromium LTS 138.0.7204.92 used by Ultimate PDF (by default)
Forge asset by Leonardo Fernandes
Application Type
Reactive

Hello Ultimate PDF Users, 

During a recent internal security assessment, we identified that the Ultimate PDF component (v15.0.1) currently bundles an internal Chromium LTS engine version 138.0.7204.92. 

Based on the official Google / Chromium security advisories, multiple security vulnerabilities have been fixed in subsequent Chromium versions, meaning that version 138.0.7204.92 does not include all currently available security patches.

According to Google’s public security information, several high- and critical-severity vulnerabilities affecting Chromium 138 were patched after build 138.0.7204.92. These include issues in components such as:

  • V8 (JavaScript engine) – memory corruption/type confusion 
  • PDFium – memory safety issues when processing crafted PDF content 
  • Other internal Chromium subsystems were fixed in later point releases 

Based on my investigation, the security risk is low if you are using the default version of Chromium embedded in this component version, because: 

  1. Chromium is used in a restricted, embedded, non‑interactive context
  2. There is no free navigation or direct browser exposure 
  3. Content rendered is typically application‑controlled

It's important to note that, through the Ultimate PDF Management component, it's possible to install and manage newer Chromium builds independently of the base component release. 

Therefore, if this is considered a security concern, teams can mitigate the identified vulnerabilities by uploading a Chromium release that includes the relevant security fixes, for example, Chromium LTS 138.0.7204.183, which incorporates multiple security patches released after 138.0.7204.92.


Thank you.

2024-10-09 04-44-30
Bhanu Pratap

Thanks for the information. I’ll check the Chromium version in my project and may update it as well.
