It sounds as if the Access Token obtained in the Chrome extension is not valid. When doing the curl experiment, you probably used the audience parameter in the authorization request, which indicates the API that you want to access.
In the Chrome Extension sample, make sure to indicate the audience in the options object if you want to use the Access Token to make a request to your own API:

    let options = {
      scope: 'openid offline_access',
      device: 'chrome-extension',
      audience: 'your-API-identifier'
    };
    new Auth0Chrome(env.AUTH0_DOMAIN, env.AUTH0_CLIENT_ID)
      .authenticate(options)
      [...]

The identifier only needs to be unique within your tenant, as the JWT middleware checks both for the audience identifier (the aud claim) and the issuer (the iss claim, which is https://{your_auth0_domain}) when authorizing access.
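
To see why a token requested without the audience is rejected, here is a sketch of the aud/iss claim check described above. It is an added example, not part of the original answer and not Auth0's middleware code. The issuer URL, the helper names and the sample tokens are constructed assumptions, and signature verification (which a real middleware performs first) is left out.

```javascript
// Added example: the aud/iss check a JWT middleware applies AFTER verifying
// the signature. Signature verification is out of scope here; never accept
// a token on these claim checks alone.

// Constructed values (assumptions, not taken from the original post).
const EXPECTED = { issuer: 'https://tenant.example', audience: 'your-API-identifier' };

// Build an unsigned, JWT-shaped sample token (hypothetical helper, demo only).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Returns { ok, reason } describing whether the token's claims match this API.
function checkAudienceAndIssuer(token, expected) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a JWT' };
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    if (claims === null || typeof claims !== 'object') throw new Error('not an object');
  } catch (err) {
    return { ok: false, reason: 'payload is not a JSON object' };
  }
  // Exact string comparison against the tenant's issuer.
  if (claims.iss !== expected.issuer) return { ok: false, reason: 'issuer mismatch' };
  // aud may be a single string or an array of strings.
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(expected.audience)) {
    return { ok: false, reason: 'audience mismatch' };
  }
  return { ok: true, reason: 'claims match' };
}

// Constructed sample tokens covering the cases discussed in the answer.
const samples = {
  withAudience: makeSampleToken({
    iss: EXPECTED.issuer,
    aud: ['your-API-identifier', 'https://tenant.example/userinfo'],
  }),
  withoutApiAudience: makeSampleToken({
    iss: EXPECTED.issuer,
    aud: 'https://tenant.example/userinfo',
  }),
  otherTenant: makeSampleToken({ iss: 'https://other.example', aud: 'your-API-identifier' }),
  opaque: 'constructed-opaque-token-value',
};

for (const [name, token] of Object.entries(samples)) {
  console.log(name, checkAudienceAndIssuer(token, EXPECTED));
}
```

The `otherTenant` case shows why the identifier only has to be unique within a tenant: the same audience string issued by a different issuer is still rejected.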