Report from a user, with regard to the "Unsafe JavaScript attempt to access frame with URL $X from frame with URL $Y. Domains, protocols and ports must match." console warning: "What was accessed? What was unsafe about it? Which one(s) of domain, protocol, and port didn't match? Why does this error spam the console in apps (e.g. Gmail) that continue to work perfectly?" We've made a few changes to this (sandboxing, for example), but we can certainly do more to provide some context. This at least partially overlaps with 43504.
Two users specifically complained about Vimeo's player generating this error, might be a good place to start.