Is it safe to run everything from VirtualBox?

E.g. I install Ubuntu as my main system without anything else but VirtualBox and maybe some programs that need to be installed to run VirtualBox.

Then I install within VirtualBox Windows 7 (because I need to run a custom program from my comapny that is exclusively for Win) and maybe another Ubuntu or some other Linux distro for my daily stuff (browsing the web, testing some "untrusted" linux apps, downloading stuff via torrents etc.).

The question is, am I safe when I run apps/browser within my VirtualBox or do some viruses/malware/spyware exist that can access my main Ubuntu system from Windows 7 or the other linux distro that runs inside VirtualBox?

Thanks. Btw. can you think about some case, how my host OS could be infected via guest OS?

An easy case would be a shared folder between your guest OS and your host for example.

Yes, it is possible that you download something from the guest into a shared folder on the host. But that is unlikely to happen since the default download folder is almost alway called something different that the shared folder. In addition, you have to add the shared folder as a user, so the user will likely be careful about downloading anything there.

As for a use case, I find it hard to think of one. The person writing the exploit would have to guess at your host OS. But all they would have to go on is your virtual machine's OS fingerprint. How would they write a virus or exploit that could target your host?

Exploits against VirtualBox do exist. Virtualization requires the installation in the host OS of a driver. If a vulnerability exists in that driver that allows the execution of arbitrary code, an attacker could potentially take control of the host OS. As an example: coresecurity.com/content/….