Your allow google\..* is matching every URL with google. in it. The allow is matched first so access is allowed.
Your rule will also be allowing any requests with google. anywhere in the URL, like http://example.com/google.asp
Additionally, Google tries to do most requests via SSL so a deny via url_regex plays no part in these requests (There is no URL in https). You could do some Man in the Middle shenanigans with squid to decrypt SSL comms to be able to filter via URL. Alternatively dstdom_regex can match on just the domain component of the URL, which will also deny the SSL connects to that domain too.
Restructure your config to specifically deny, then specifically allow, then default to deny (using all instead of a list)
acl bad_domain dstdom_regex "/etc/squid/block.acl" acl good_domain dstdom_regex "/etc/squid/allow.acl" http_access deny bad_domain http_access allow good_domain http_access deny all
Then include the following in the bad list:
(.+\.)?plus\.google\..+$
And in the good list:
(.+\.)?google\.
That's not perfect as you will still be allowing some other domains with google. in their names (google.blah.com). The (.+\.)? is just a specific match for any subdomain. If you want to be more specific about the allow this wiki article on google domains should help.
