Safe frames are not the general solution that you make them out to be.
First, site owners have to actively choose to use safeframes. My personal opinion, just based on people I've spoken with about this, is that most businesses and individuals who run websites treat their ads as a black box and their security as an afterthought. This means any solution for security that isn't by-default and that non-technical site owners have to turn on themselves, with near total certainty, isn't going to be protecting users.
Plus, not all ad networks support it as of June 2017 [1]. In my view, it's less a solution than a "literally-crafted-by-the-ad-industry" [2] externalization of responsibility for users getting hacked due to poor network policing.
Not true with safeframes
The latter two can happen on the internet in general, third-party advertising is in no way a unique delivery vector.