Is it? I'm not so familiar with the specifics of bug bounty programs, but it seems like this issue could cause much more than 3k in damages if it were to be exploited.
Similarly, I'm kind of shocked that Google is only offering 30k for discoveries of remote code execution vulnerabilities on their own servers. I don't mean to trivialize that amount of money, but compared to the scope of what that kind of vulnerability could be used for it seems insignificant. There's the potential for access to internal Google secrets and private data belonging to users. Would a government not pay 10-20x for something like that?
No it’s not! That is extremely low compared to say Apple, which doles out something like 50k for low severity bugs (source: they pretty much paid my college fees)
Similarly, I'm kind of shocked that Google is only offering 30k for discoveries of remote code execution vulnerabilities on their own servers. I don't mean to trivialize that amount of money, but compared to the scope of what that kind of vulnerability could be used for it seems insignificant. There's the potential for access to internal Google secrets and private data belonging to users. Would a government not pay 10-20x for something like that?