CA Identity Manager Vulnerability CVE-2017-5033

Article ID: 276325

Updated On:

Products

CA Identity Manager

Issue/Introduction

CVE-2017-5033 concerns the Blink component of the Chrome browser.

Environment

IDM 14.4.x

Cause

Vulnerabilities

Resolution

CVE-2017-5033 concerns the Blink component of the Chrome browser prior to 57.0.2987.98, and it has been addressed in later versions. CVE-2017-5033 therefore has no impact on Symantec IGA products.

Implementing Content-Security-Policy with specific directives in the Identity Portal causes inadvertent page rendering issues with the Identity Manager and Identity Governance.

We do have "X-Frame-Options: SAMEORIGIN" and "X-Xss-Protection: 1; mode=block", along with an internal framework filter that strongly defends against XSS and clickjacking attacks.

On the other hand, we'll try to identify a specific directive pattern that can satisfy all three point products on vApp without causing any page rendering
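One way to look for a directive pattern that does not break rendering is to send the policy as Content-Security-Policy-Report-Only first and derive the needed directives from the violation reports. The Python below is an added example, not code from the product or from this article; the sample reports and host names are constructed, and the report fields assume the standard report-uri JSON format.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports (report-uri JSON shape); all hosts are hypothetical.
DOC = "https://portal.example.test/idm/home"
SAMPLE_REPORTS = [
    {"csp-report": {"document-uri": DOC, "effective-directive": "script-src", "blocked-uri": "inline"}},
    {"csp-report": {"document-uri": DOC, "effective-directive": "style-src", "blocked-uri": "https://cdn.example.test/a.css"}},
    {"csp-report": {"document-uri": DOC, "violated-directive": "img-src 'self'", "blocked-uri": "data"}},
]
KEYWORDS = {"inline": "'unsafe-inline'", "eval": "'unsafe-eval'",
            "self": "'self'", "data": "data:", "blob": "blob:"}
RISKY = {"'unsafe-inline'", "'unsafe-eval'"}  # these weaken CSP's XSS protection

def source_for(report):
    """Return the source expression that would have allowed the blocked load."""
    blocked = report.get("blocked-uri", "")
    if blocked in KEYWORDS:
        return KEYWORDS[blocked]
    b, d = urlsplit(blocked), urlsplit(report.get("document-uri", ""))
    if not b.netloc:
        return None  # nothing usable to allow-list
    return "'self'" if (b.scheme, b.netloc) == (d.scheme, d.netloc) else f"{b.scheme}://{b.netloc}"

def summarize(reports):
    """Group required sources by directive; fall back to violated-directive if needed."""
    needed = defaultdict(set)
    for item in reports:
        r = item.get("csp-report", {})
        directive = r.get("effective-directive") or r.get("violated-directive", "").split(" ")[0]
        src = source_for(r)
        if directive and src:
            needed[directive].add(src)
    return needed

def candidate_policy(needed):
    """Build a policy string to trial under Content-Security-Policy-Report-Only."""
    parts = ["default-src 'self'"]
    for directive in sorted(needed):
        parts.append(" ".join([directive, "'self'"] + sorted(needed[directive] - {"'self'"})))
    return "; ".join(parts)

def needs_review(needed):
    """Directives that only pass by allowing inline code or eval."""
    return sorted(d for d, s in needed.items() if s & RISKY)

if __name__ == "__main__":
    found = summarize(SAMPLE_REPORTS)
    print(candidate_policy(found), "| review before enforcing:", needs_review(found))
```

Directives listed by `needs_review` are the ones where the pages depend on inline script or eval, which is where an enforced policy is most likely to break rendering or to lose its XSS value.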