A $100,500 bounty seems pretty cheap compared to the severity of the issue, or is it common?


It's the most that Apple's paid out for a bug bounty, as far as I know. The previous highest was $500 less ($100,000).


It's also an interaction-required bug, apparently.


Now imagine how much money they saved by not researching those bugs themselves.


Now imagine how much the researcher gave up by not selling it to Cellebrite.


You mean to say someone like NSO Group, not Cellebrite. But you should know that it's possible driving up the price of bugs helps companies like NSO, rather than hurting them. They're middlemen, taking a cut of the value of transactions between exploit developers and downstream customers. Those downstream customers, for shops like NSO, are overwhelmingly government agencies that aren't especially price-sensitive to the cost of individual bugs.


I assume NSO group operates in their own best interest. If them buying a bug and reselling it hurts them, then I think they won't do it.

Although I guess one reason they might buy a bug that would lead to financial harm is to prevent a competitor from getting it, which might be an even worse financial harm.


Cellebrite doesn't really have a use for a browser vulnerability.

