TLDR - malicious VS Code extension named "ChatGPT" sends the full contents of any file you open to servers based in China by using a hidden iframe in a webview. There's a second mechanism that runs a command that bulk sends 50 files at a time from your workspace to the same servers. Third also uses a hidden iframe (zero pixels) in a webview to load 4 SDKs that track activity in the editor.

I have to admit I laughed when I saw the marketplace screenshot of "ChatGPT" from some unknown author (not OpenAI or Microsoft) with a non-English description. If anything screams "sus" to me that would be it.