PDFium in 2025: Secure, high‑performance PDF rendering explained
Table of contents
PDFium remains the leading open source PDF rendering engine in 2025: Its permissive Apache 2.0 license, Google‑backed maintenance, and competitive rendering speed and memory usage make it ideal for browser, mobile, and cloud‑based workflows — despite common security myths.
PDFium(opens in a new tab) is the permissively licensed C++ PDF engine embedded in Google and Chrome, Microsoft and Edge, and hundreds of commercial SDKs — collectively rendering billions of pages every day. Yet rumors still circulate that open source PDF libraries are inherently insecure or poorly maintained. In this 2025 update, Nutrient CEO Jonathan Rhyne separates fact from fiction, benchmarks PDFium against rival engines, and shows why CTOs continue to choose PDFium for mission‑critical document workflows.
Purpose and intended audience
This article targets decision makers who are choosing a reliable PDF processing technology. Whether you’re developing a web, desktop, or mobile app, understanding the true capabilities of PDFium is crucial.
So, in the first article in the series, I’ll analyze some of the myths and misconceptions regarding the security of open source, as well as the open source technology used and trusted by literally billions of people (no, that’s not a typo) around the world. My goal is to help you, the reader, come to your own conclusions about what really is fact versus what is fiction.
Myth #1 — Open source technology is insecure because the source code is open to the public
Have you ever heard anyone say: “Open source technology is insecure because all the source code is completely open to the public?” Unfortunately, this is one of the biggest myths regarding open source technology, and it’s typically used by companies who’d rather spend their resources attacking their competition as opposed to innovating or contributing to a community. So let’s analyze this argument a bit further.
Fact #1 — You’re probably already using open source technology and you don’t even know it
Just take a look at the latest statistics in Figure 1 below from the independent market research site statcounter.com regarding the global usage of web browsers.
Figure 1 — Browser market share worldwide(opens in a new tab) (June 2022)
As you can see, Google Chrome dominates the market with a whopping 65 percent of the global market share. And when you add up all the statistics for the top four browsers (Chrome, Safari, Edge, and Firefox), you see that all the major browsers command a combined total of more than 91 percent of the global market. And in case you were unaware, all of those web browsers are either fully open sourced, or they embed open source technology. So now think about this conclusion personally: If you use Google Chrome, Apple Safari, Microsoft Edge, or Mozilla Firefox, you’re already using open source technology. That’s a fact.
Another major thing to consider: If your company (or business) standardizes on any of the web browsers above, then they’re standardizing on tools that are (or embed) open source technology.
Now take a look at Figure 2 below, illustrating how many people worldwide use open source web browsers, to see how ubiquitous and pervasive open source software is.
Figure 2 — Infographic: Worldwide usage of open source web browsers(opens in a new tab) (June 2022)
At Nutrient, we adopted the use of the open source platform PDFium within our tools and APIs for developers. And with that, let’s address another myth.
Myth #2 — PDFium is an insecure PDF rendering engine
Now, without getting into the technical details of the various PDF specifications and how PDF toolkits (such as Nutrient) work, understand that PDF tools and toolkits are typically split into two parts. One part reads and processes the text and binary information encapsulated inside a PDF document (this part is typically called the PDF parser). The other part is responsible for taking the parsed information (text, images, etc.) inside the PDF document and visualizing it for the user (this part is called the PDF renderer).
Figure 3 — The architecture for PDF tools such as Nutrient is split into two parts: PDF parsers and PDF renderers
Now, although we evidently demonstrated the widespread and ubiquitous use of open source technology, some may argue that, in particular, the open source PDF renderer PDFium is inherently insecure. So, again, let’s look at the facts.
Fact #2 — Major companies contribute to or use PDFium
I love arguing this point because I can let the facts speak for themselves. Guess what Google, Microsoft, Amazon, Dropbox, and (yes) Nutrient all have in common? All of us are either contributors to the publicly available PDFium open source project, and/or we directly embed PDFium in the products we create for our end users. That’s a fact.
- Google uses PDFium inside Chrome (the most widely used browser in the world).
- Microsoft uses PDFium inside Edge (the default web browser in Windows 10 and 11).
- Amazon uses PDFium inside Amazon Echo and Fire TV products.
- Dropbox uses PDFium inside its client tools to preview files.
Figure 4 — Nutrient participates in a community of users and contributors to the open source PDFium project, alongside Google, Microsoft, Amazon, and Dropbox
Fact #3 — PDFium is an active and well-maintained open source project
As an active member of this vibrant and evolving community, Nutrient is passionate about and dedicated to the success, stability, and security of the open source PDFium project, which is continuously maintained and improved with new features that are channeled back to our customers.
Have you ever heard the phrase, “If you want to go FAST, then go alone, but if you want to go FAR, then go together?”
This is the mindset I instill in every employee at Nutrient, and it’s why we participate in the community of PDFium users and contributors. In this community, each company has its own business case and reasoning for embedding PDFium within individual platforms, however, we’re jointly committed to the success of the project.
Conclusion
This article kicks off our Fact vs. fiction series. Explore the links and information provided to see for yourself why PDFium is a trusted PDF rendering solution.
FAQ
What makes PDFium a trusted platform for PDF rendering?
PDFium’s trustworthiness stems from its open source nature, contributions from major tech companies, and its integration in widely used products like Google Chrome and Microsoft Edge.
How does open source technology contribute to the security of PDFium?
Open source technology allows a global community of developers to continuously audit and enhance PDFium, ensuring vulnerabilities are quickly addressed and security is maintained.
What is the role of PDFium in popular web browsers?
PDFium powers the PDF rendering capabilities in browsers like Google Chrome and Microsoft Edge, providing reliable and efficient document handling.
Why is PDFium considered a well-maintained open source project?
PDFium is actively maintained by a broad community, including major corporations, which contributes to its stability, security, and ongoing feature improvements.
How does Nutrient utilize PDFium in its products?
Nutrient integrates PDFium to offer advanced PDF rendering and manipulation features, benefiting from PDFium’s reliability and ongoing development.
Sources
- The list of companies that contribute to PDFium, which include Google, Microsoft, and Dropbox(opens in a new tab)
- The list of open source software used by Amazon Echo devices, which includes PDFium(opens in a new tab)
- The Dropbox.Tech blog discussing the performance of PDFium in Dropbox software(opens in a new tab)
- Microsoft Edge uses Chromium, which includes PDFium(opens in a new tab)
