To add a few, Chrome was the first browser to introduce process isolation: Every browser tab, every site (second-level domain) and every iframe runs in its own sandboxed process.
With that it's the only end-user software (alongside the other browsers) that actually is secure against Spectre and Meltdown. Operating systems only protect against Specre/Meltdown leaks between processes.
Google invented Certificate Transparency and Chrome enforces CT since years. Firefox added CT enforcement only a few days ago.
CT solves the following: For example, if a rouge Chinese Certificate Authority decides to issue a cert for google.com to the Chinese government for Man-in-the-Middle attacks, CT blows their coverand makes it known to everyone that the CA issued a fraudlent cert.
