The appliance's CPU Monitor reports high CPU utilization in SSL and Cryptography and Policy evaluation - HTTP.

The high CPU usage is caused by Google Chrome sending a large volume of web request traffic to https://clients1.google.com/tbproxy/af/query?client=Google Chrome. If you stop Chrome from accessing the URL, the CPU utilization goes down.

The specific POST request URL is sent by Google Chrome's Autofill Download Manager component as seen in the source code file ("autofill_download_manager.cc") available at:
https://cs.chromium.org/chromium/src/components/autofill/core/browser/autofill_download_manager.cc?q=tbproxy&sq=package:chromium&l=88
 

• SSL access-logs show protocol of tcp for SSL traffic (that is, tunneled). The SSL Access Log contains protocols tcp and ssl. The ssl protocol has been handed off to the SSL Proxy. 
• Web requests per client ip report filters further based on the site and protocol. 

Additionally, the Blocked web browsing per user and Default Bandwidth reports are useful. 

After reviewing the access logs, if you see significant SSL traffic to https://clients1.google.com/tbproxy/af/query?client=Google%20Chrome, you can apply a policy to disable SSL interception or deny access to the URL. 
 

Example: Disable SSL interception 

Disable SSL Interception by url.domain:

• For Transparent Proxy:

<ssl-intercept>
  url.domain=clients1.google.com ssl.forward_proxy(no)

• For Explicit Proxy:

<proxy>
  url.domain=clients1.google.com detect_protocol(none)

Example: Deny access to the specific URL

This requires SSL Interception  to be enabled to block the URL query path.

<proxy>
  DENY url.domain=clients1.google.com url.substring="tbproxy/af"