Comodo sandbox escape vulnerability when computer in high memory usage.

Computer: Windows 10 x64 laptop 22H2.

Product version used: Comodo Internet Security Premium pre-2025.

Unfortunately there was a brief sandbox/container escape incident when my laptop was running a Steam game (not in container sandbox) along with three browsers (in container sandbox), where attempting to open new sandbox browser instances will open new respective windows without green borders. Even worse, there’s the ability to copy something from within the sandbox to outside it (at least by going through the newly-opened container windows without the green borders). OpenVPN was used as well.

Steps to reproduce the problem:

  1. Get the computer into high memory usage. In my case I opened Chrome, Avast Browser and Comodo Dragon within container sandbox, along with a Steam game Space Engine outside container. In one of those browsers I have the high-memory usage Paramountplus or Disney+ tab(s) open. Occasionally I open VirtualBox to use Linux distros. A few other antivirus programs such as Malwarebytes and Avast are present on the computer.

  2. Normally using the computer in a high memory state, with hibernations between user sleep times, for about a week, maybe 5-6 days, give or take.

  3. After sustained usage the computer will start to slow down due to high memory usage, sometimes with applications not responding.

  4. By this point Comodo containment might start to fail as no green borders are found in newly opened container instances while things such as clipboards from container applications can leak out into the host system.

Hi @Clickx , thank you very much for sharing this. Could you please also share the CIS version that you are using? It will help us on reproduction of the issue.

I see that you also mentioned that some other AV products are also installed and actively running. This may cause trouble as multiple AV products will try to intercept at runtime, which might end up in a racing condition, thus resulting in CIS (and other products) to fail to intercept the malicious action.

Thanks in advance.

The file version of the installer I used for the Comodo version on which the problem was encountered is 12.2.2.8012.

I neglected to mention that OpenVPN application was running at that time, so I’ve modified the original post to reflect it accordingly.

The HIPS setting "Enable adaptive mode under low system resources" is supposed to prevent such an issue when enabled. But using other 3rd party AV is not recommended and is going to cause issues. So check again without those other AVs installed and with that HIPS setting enabled.

Thanks! The adaptive mode wasn’t enabled in that case, so I’ve proceeded to enable it.

Just a question, what does the adaptive mode do? I can’t find any further information and mentions beyond the standard summary given by Comodo in terms of description.

But anyways, letting the contents of the container leak out to the host system is bad by itself. Comodo should at least put up an alert box warning notifying users whether to enable the function or not in case it detects low-memory conditions.

Xcitium 12.2.2.8012 is an old version of Xcitium; you should upgrade to Xcitium 2025 Premium.

I’ve already upgraded by now, but I figured that it’d be prudent for the Comodo team to check the new version for the aforementioned bug as well.
