The CVE-2017-5033 is about the Blink component of the Chrome browser.
The CVE-2017-5033 is about the Blink component of the Chrome browser prior to 57.0.2987.98 and it's been addressed in the later versions. So the CVE-2017-5033 has no impact on Symantec IGA products.
Implementing Content-Security-Policy with specific directives in the Identity Portal causes inadvertent page rendering issues with the Identity Manager and Identity Governance.
We do have "X-Frame-Options: SAMEORIGIN" and "X-Xss-Protection: 1; mode=block" and an internal framework filter that strongly defends from XSS or Clickjacking attacks.
On the other hand, we'll try to identify a specific directive pattern that can satisfy all three point products on vApp without causing any page rendering