You would get that error if you inject a <script> element into the page with the src attribute set. We recommend that you avoid inline javascript in any html you inject into the page from an extension (this also means avoiding onclick attributes in the html, etc) in order to stay compatible with all possible Content Security Policy values that the page may set. As far as we can tell, Gmail has been experimenting with CSP values and increasing its strictness for subsets of users over the last few years.
You can include jquery within your extension and use it from a content script instead of from inline javascript embedded in html.
Some other options:
* Change the <script> element so it has no src property, and instead has jquery's code as the element's text: <script>...all of jquery here...</script>. Chrome extensions are allowed to inject non-remote script tags into the page and bypass the page's Content Security Policy.
* Place your content in an iframe so that your content isn't directly affected by the page's Content Security Policy. In order for Chrome to allow the iframe placement to bypass the page's CSP, the iframe src attribute must point to a file contained within your extension, *not* a remote http/https URL. (That iframe will then be unaffected by the page's CSP and will instead follow your extension's manifest.json's CSP rule, so you can nest a remote iframe inside of that iframe.)