Hey Xinghui,
Letting redirects continue after the point you need to block them is an interesting choice, but once you have let them proceed you have the navigation system in a state that has progressed further than you would like. Modifying the displayed URL when the error is somewhere else is something we would discourage, as it can lead to a long tail of issues, which are sometimes hard to discover or deal with appropriately. Every time in the past where we have decided to overwrite the URL we have almost universally come to regret it in the future.
There is currently no approach that we know of to get a different URL to show in the omnibox, besides the virtual URL mechanism, but it doesn't look like that's the right solution for your case. Have you considered a different approach? For example, since you are going to display an error page, isn't it more appropriate to include the violation URL in the body of the error page? This will leave the omnibox displaying the correct navigation state and in the body of the error page you can explain exactly what has happened - one of the intermediate redirects was to URL "foo" which is blocked due to safe browsing check.
Our recommendation would be to leave the navigation and omnibox state as is and surface the information to the user in some other shape. Alternatively, you can just block the navigation on the actual redirect that fails the safe browsing check.
Thanks!
Nasko