Is VirtualBox not totally sandboxed?
The VM cannot be totally isolated, since it has no hardware of its own. It's using the hardware resources of the host, such as the disk, CPU, GPU and the network adapter.
All of this hardware is used by the VM via VirtualBox and its virtual drivers.
Avast Antivirus is monitoring the host's network adapter, so it can monitor all the requests and responses, when coming from the host or the VM. As it runs on the host, not in the VM, you will see its notifications and actions on the host.
As @harrymc said, this is due to the network configuration.
You probably have the network adapter in VirtualBox configured as NAT. Depending on how Avast works (disclaimer: I don't run it), you could try:
- configure the adapter as "bridged" adapter.
- Use an USB network adapter and import the USB device into the virtual machine.
I used the latter in network tests and the host machine was not able to interfere with the network traffic.
I have actually seen this myself. Part of the issue is that the VM is running on the host's hardware, yes, but as mentioned the antivirus shouldn't be able to see HTTPS traffic (if the infected site wasn't just an HTTP one).
That's where the interesting part happens. Avast Antivirus in particular but also a number of other such tools actually install a man-in-the-middle proxy to read even your encrypted web traffic in case of viruses. (Avast also uses this information to run surveys on how people use the Internet.) This works across the entire network connection as well, not just to your browser (which makes sense if you want to check over other protocols or services).
A large caveat (aside from the privacy concern) is that in many such implementations, if the certificate for the original site doesn't exist or is expired, the antivirus program's own certificate causes the site to still appear "secure" even though your connection through the wider Internet won't be.
With regards to the sandbox being escaped, though, I have had various actions inside Virtualbox crash my entire OS before on several occasions. This isn't a sandbox escape (yet), but that sort of BSoD can be a sign that some questionably-designed code is running that could be exploited to make a sandbox escape.