Google has paid out in excess of $2,000,000 (USD) to security researchers. In three years since launch, we’ve rewarded (and fixed!) more than 2,000 security bug reports and also received recognition for setting leading standards for response time. In many cases, bugs previously rewarded at the $1,000 level will now be considered for reward at up to $5,000. Google will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of software.”]
Source: https://blog.chromium.org/2013/08/security-rewards-at-google-two.html