
Issue 712025

Starred by 3 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug
Team-Security-UX




"paypaI.com" (with an uppercase "i") can pose as paypal.com

Reported by t...@tobireif.com, Apr 16 2017

Issue description

Chrome Version: 57.0.2987.133
OS Version: OS X 10.12.4
URLs (if applicable):

1. In Chrome's URL bar (with the default font), insert the string "paypal.com" (don't press Enter). It looks OK and is OK.
2. Replace the lower-case "L" with an uppercase "i" (don't press Enter). The URL that could get linked/visited/loaded by an unsuspecting user still looks OK - but it would be the wrong domain. The user who followed a link containing the second URL would enter his/her credentials at a domain that is not the PayPal website.
3. Profit (for the bad guys).

What is the expected result?

The wrong URL should be clearly discernible.

What happens instead of that?

The wrong URL looks nearly exactly like the correct URL.

Please provide any additional information below. Attach a screenshot if possible.

"PayPaI" (with an uppercase "i") can pose as PayPal. This is a security risk.

Please (for the URL bar etc.) always ensure a font where "l" (lower L) and "I" (upper i) are very different.

This is just one example, please consider other cases as well.

UserAgentString: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Labels: Needs-Triage-M57

Comment 2 by rsesek@chromium.org, Apr 17 2017

Components: UI>Security>UrlFormatting

Comment 3 by creis@chromium.org, Apr 17 2017

Cc: creis@chromium.org pkasting@chromium.org mgiuca@chromium.org
Note that Chrome already corrects these URLs to be lower case once the navigation completes, so it shows up as paypai.com. That's the point at which the user would be checking the green padlock icon, as well.

Not sure if it's worth doing anything in the font.  pkasting@?
Status: WontFix (was: Unconfirmed)
Right, I don't think there are Chrome-side issues here
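Added example for the scenario in the report and for the normalisation point made in comment 3; this is not code from Chrome, from the Chromium project, or from the reporter. It shows two things in Node.js: that the WHATWG URL parser lowercases an ASCII host, so the "paypaI.com" written in a link becomes "paypai.com" once it is parsed, and a minimal skeleton-style confusable check (in the spirit of UTS #39, but using a small hand-picked fold table rather than the Unicode confusables data) run against the host exactly as a user would see it. The function names (skeleton, isLookalike, hostAsWritten, normalizedHost, assessLink), the fold table and the simplified URL pattern are all this example's own assumptions.

```javascript
// Added illustration for Chromium issue 712025; not code from Chrome or the reporter.
// Part 1: the WHATWG URL parser lowercases the host, so a link written as
// "paypaI.com" parses to "paypai.com" (what comment 3 describes).
// Part 2: a skeleton-style confusable check applied to the string as rendered,
// with a hand-picked fold table (an assumption of this example, not UTS #39 data).

// Digraphs and characters that render near-identically to the target glyph in
// common sans-serif UI fonts. Hand-picked for this example.
const DIGRAPH_FOLDS = [[/rn/g, 'm'], [/vv/g, 'w']];
const CHAR_FOLDS = [[/[I1|]/g, 'l'], [/[O0]/g, 'o']];

// Reduce a hostname to a "skeleton" so that visually confusable strings collide.
// Folding must run before case-folding: "I".toLowerCase() is "i", which is not
// confusable with "l", so uppercase I has to be mapped to "l" first.
function skeleton(host) {
  let s = host;
  for (const [re, to] of DIGRAPH_FOLDS) s = s.replace(re, to);
  for (const [re, to] of CHAR_FOLDS) s = s.replace(re, to);
  return s.toLowerCase();
}

// True when `displayed` is a visual lookalike of `target` but is not the same host.
function isLookalike(displayed, target) {
  if (displayed.toLowerCase() === target.toLowerCase()) return false; // same host, only case differs
  return skeleton(displayed) === skeleton(target);
}

// Host exactly as it appears in the link, before any parser normalisation.
// Simplified scheme://[userinfo@]host[:port] pattern, an assumption of this example.
function hostAsWritten(href) {
  const m = /^[a-zA-Z][a-zA-Z0-9+.-]*:\/\/(?:[^/?#@]*@)?([^/?#:]*)/.exec(href);
  return m ? m[1] : null;
}

// Host after WHATWG URL parsing: ASCII hosts come back lowercased.
function normalizedHost(href) {
  return new URL(href).hostname;
}

// Compare the rendered host and the parsed host against a target brand domain.
function assessLink(href, target) {
  const written = hostAsWritten(href);
  const normalized = normalizedHost(href);
  return {
    written,
    normalized,
    confusableAsWritten: written !== null && isLookalike(written, target),
    confusableAfterNormalization: isLookalike(normalized, target),
  };
}

// Constructed sample link reproducing the report's scenario (uppercase i for lowercase L).
console.log(assessLink('https://paypaI.com/login', 'paypal.com'));
```

The check has to run on the string as rendered (link text, or the address bar before the navigation commits), which is where the reporter's concern lies; once the parser has lowercased the host, `paypai.com` no longer collides with `paypal.com` in this skeleton, which is the situation comment 3 describes. Lowercase "i" is itself distinguishable from "l" only because of its dot, so the fold table deliberately leaves it alone.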
