Calls to navigator.vibrate will immediately return 'false' inside cross-origin iframes.The Vibrate API is being abused by unsafe third-party content (eg., malicious ads). As of Chrome 57 this is relaxed to allow vibration after the user has tapped on the frame. See https://crbug.com/683938.
Docs: https://github.com/WICG/interventions/issues/25
Samples: http://output.jsbin.com/murono