Well to start, there's browser history sync through your Google account. I'm not aware what the privacy policy is on that data, but I'd imagine it allows Google to get aggregate views at least at the domain level, if not the page level.
GA usually comes from a Google-domain. Implementing GA on one of your properties always means using 3rd-party cookies (as long as you not configure some CNAME-records to point your own 1st party tracking domain to GA's tracking domain). Where the script is being executed does not matter in this case, the script is just building the tracking request to the tracking app.
Disclaimer: despite working for Google, I don't have a clue about this. I'm deep in the backend.