More than 50 security fixes made it into Google Chrome 37, including one bug that was so high priorty that Google ended up paying out $30,000 USD to the developer discovering this critical issue. "A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox."
There were also several other high and medium level security fixes too, which led Google to paying out thousands more to the security researchers and those that discovered them. Some of these bugs were detected using the AddressSanitizer of modern GCC and Clang.
The prominent improvements included new apps/extension APIs, under-the-hood stability and performance enhancements, and Windows Chrome now uses DirectWrite for improved font rendering.
More details on Chrome 37 can be found via the Chrome Release Blog.