I mean point 3 is a big part of this value wise. By getting certified bounty-paid vulnerabilities in a big name product like google, they can then go on and get lucrative security contracts ("we hired a guy that has found bugs in google's products").
Also left unsaid is that these are products that people's grandparents use. So there is some very white-hat "help the public good" here. Even if it's also to the for-profit benefit of a mega corp. That's an issue for anti-trust courts, not people trying to make the world better (people use these products right now, that's the status quo; either it can be fixed now, or it can be part of a likely ineffectual protest that only harms others).
Just to be be clear I'm not supporting the low value of the bounty.
My point is that there's more to it than just that. Aside from the subjective point 1 in my comment, I think points 2 and 3 are very objective and don't really depend on the pay of the bounty.
If they find the bug and try to sell it on the dark/grey market, you risk litigation. If they are smart they can derive more value from it than just the bounty, although the bounty being bigger would be nice and would encourage more white hat hackers to invest their time on these programs.
So google cheaps out on bounties because developers are clamoring to do free work for mega-adtech corp in hopes that the clout they get from it will pay out down the road.
That's the most dystopian thing I've heard in a while.
A different interpretation is that large companies are able to find bugs of this magnitude on their own on a weekly basis, and fix them before the public hears about them at all.
Not saying they aren't good people, they are just undervaluing their work.