AFAIK it is not necessary that a root CA is compromised. It would be sufficient to compromise any intermediate CA that is not on a revocation list. I have no good idea how to circumvent Google's certificate pinning in Chrome. They would need to compromise any certificate in the chain.