I understand. I did in fact believe that this applies to any highest reward RCE vulnerability, thanks for pointing out that this may not be the case.
As for the black market price - I don't consider my security background sufficient for my guess to be anywhere near educated enough, so I'm bowing out.
Hah. As soon as I saw your initial setup I knew it was Wargames. The only winning move is not to play. I think you are right. When you add in all of the conditions required to sell a bug like this it becomes obvious (to me) that Google is offering more than you can get anywhere else without a lot of effort and or risk on the sellers part.
And not to spoil the game, but the subset of vulns that fetch good money has only narrowed in the last years as exploit mitigation has improved. The true unicorn 0days of yesteryear are almost always multiple hard earned bugs these days. Bugs in one vendor's project, even Google, it is cool they have such a high end reward, let alone 36k. Unless you crossed a line and exfiltrated data (high risk), I can't imagine getting this much money anywhere else.
Amusingly, 36k does look very similar to ~3wks of boutique infosec consulting, though, so for Google the price while generous probably makes sense.
As for the black market price - I don't consider my security background sufficient for my guess to be anywhere near educated enough, so I'm bowing out.