As part of its task of rendering web pages to PDF, Electron / Chrome loads linked resources like images, stylesheet and scripts from the network. While the sanitized HTML we will render should not contain references to private IPs, we should rely on this as the sole protection.
An option for restricting access from this service to public IPs would be to set up an iptables rule matching on the service user, and dropping any requests to the private production IPs. Examples: iptables -A OUTPUT -o eth0 -m owner --uid-owner 1000 .., man page.
Another might be to use a proxy, although this would likely affect performance negatively.