This is a re-filing of #11249 since that got closed. (Sorry about the bug-spam. I'm not sure if mail from closed bugs ends up disappearing.)
jquery uses inline styles in support.js, which trips up the default Content Security Policy rules. This is particularly relevant for Chrome extensions which enable CSP by default, but will also become relevant for the web as more people adopt CSP.
Here are tests demonstrating this on 1.7.2 and git.
Here is a patch to fix this. I don't have easy access to IE6-8, and I imagine this is a somewhat hairy part of the code. But I believe I haven't regressed the unit tests Firefox, Safari, Chrome, Opera, and IE9.