Previous exploits were able to make it connect to the internet just by saying "browsing: enabled" so it's awfully plausible that it's real. Also the "current date" has been accurate every day so far. It's not magic, so it has to be getting that date as an input somewhere.
I think that the static prompt (+ current date) is prepended on the server side before being passed to the actual model for processing. So the current date is being artificially injected by the OpenAI web server, for example, or some other middleware.
I got mixed results with "browsing: enabled". Also if that string is a plausible hypothetical output for the model, then it seems like it could also serve as a plausible authoritative input...whether or not that was the actual way they set it up. Although at that point it doesn't make much of a difference. Just seems relevant to consider that the model is sort of free-associating at all times and doesn't have any simple linear deterministic imperative IO
https://i.imgur.com/PlX8K6k.png