Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "indepth analysis".

About 450,000 were capable of launching so-called "driveby downloads", sites that install malicious code, such as spyware, without a user's knowledge.

A further 700,000 pages were thought to contain code that could compromise a user's computer, the team report.

To address the problem, the researchers say the company has "started an effort to identify all web pages on the internet that could be malicious".

Drive-by downloads are an increasingly common way to infect a computer or steal sensitive information.

They usually consist of malicious programmes that automatically install when a potential victim visits a boobytrapped website.

"To entice users to install malware, adversaries employ social engineering, " wrote Google researcher Niels Provos and his colleagues in a paper titled The Ghost In The Browser.

"The user is presented with links that promise access to 'interesting' pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos."

The vast majority exploit vulnerabilities in Microsoft's Internet Explorer browser to install themselves.

Some downloads, such as those that alter bookmarks, install unwanted toolbars or change the start page of a browser, are an annoyance.

But increasingly, criminals are using drive-bys to install keyloggers that steal login and password information.

Other pieces of malicious code hijack a computer, turning it into a 'bot', a remotely controlled PC.

Drive-by downloads represent a shift away from traditional methods of infecting a computer, such as spam and email attachments. As well as characterising the scale of the problem on the net, the Google study analysed the main methods by which criminals inject malicious code on to innocent web pages.

The study also found that gangs were able to hijack web servers, effectively taking over and infecting all of the web pages hosted on the computer.

In a test, the researchers' computer was infected with 50 different pieces of malware by visiting a web page hosted on a hijacked server.

The firm is now in the process of mapping the malware threat.