More than $6.5 million were paid to researchers for reporting security bugs through Google’s Vulnerability Reward Program (VRP) in 2019. Reward amounts paid for qualifying bugs range from $100 to $31,337, which can drastically increase for exploit chains. Alpha Lab’s Guang Gong received a $201,337 payout for a remote code execution exploit chain on Pixel 3 devices. In total, Google paid 461 security researchers during 2019 with the biggest single payout ever. Over the last 9 years, the company rewarded researchers with roughly $15 million for qualifying vulnerabilities.
Source: https://www.bleepingcomputer.com/news/security/google-pays-65-million-to-hackers-for-reporting-security-bugs/