Unless the attacker has a big influence on the "good" binary, they need to find a second pre-image, not a collision, for this to be a problem. The real problems with publishing hashes are that the source of the hash is generally just as (un)trustworthy as the binary itself, and that nobody bothers verifying them in the first place.
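The cost gap between a collision and a second pre-image, measured on SHA-256 truncated to 20 bits so both searches finish quickly. This is an added example and not part of the original comment; the truncation width, the message strings and the function names are assumptions chosen for the demonstration.

```python
import hashlib
from itertools import count

BITS = 20  # toy digest width (assumption for this demo); real digests are 160-512 bits


def toy_hash(data: bytes) -> int:
    """SHA-256 truncated to BITS bits so both searches finish in seconds."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - BITS)


def find_collision():
    """Both inputs are free to choose: any two that share a digest will do."""
    seen = {}
    for tries in count(1):
        msg = b"attacker-file-%d" % tries
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_second_preimage(good: bytes):
    """The published binary fixes the digest: only that one value counts."""
    target = toy_hash(good)
    for tries in count(1):
        msg = b"attacker-file-%d" % tries
        if msg != good and toy_hash(msg) == target:
            return msg, tries


if __name__ == "__main__":
    # Constructed stand-in for a binary whose hash has been published.
    good_binary = b"constructed stand-in for the published good binary"
    a, b, c_tries = find_collision()
    evil, p_tries = find_second_preimage(good_binary)
    print(f"collision after {c_tries} hashes (about 2^{BITS // 2} expected)")
    print(f"second pre-image after {p_tries} hashes (about 2^{BITS} expected)")
```

The collision search scales with the square root of the digest space and the second pre-image search with the whole space, which is why a collision break on a hash does not by itself let someone match an already-published digest.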