A researcher earned a double-payment totaling $10,000 for a cross-site scripting (XSS) bug he found in Google Maps. Zohar Shachar, head of application security at Wix.com, reported the flaw to Google on April 23 and was issued a $5,000 reward soon after. Google publicly disclosed the issue, declaring it fixed on June 7. Minutes after he was notified of the patch and bounty payment award, he said he found a bypass for the fix. Google has continually expanded its bug-bounty programs.
Source: https://threatpost.com/bug-in-google-maps-opened-door-to-cross-site-scripting-attacks/159006/