
The problem is that this is the case for pretty much all CA and intermediate CA certs using SHA-1. 2020 and 2030 are popular expiry dates...


It's a problem for intermediates, yes.

You'd have to request a re-issue by an intermediate which itself is certified using something better than SHA-1.

It's not, however, a problem for the roots because those are checked by the browser using the actual private key they know by virtue of the root actually being embedded in the browser/OS itself instead of just checking the SHA-1 signature.


Actually, the root certificate itself simply does not need to be checked at all, as we need to trust it anyway. In the last verification step, we verify that the last intermediate certificate in the chain has a valid signature from the root CA certificate, by using the public (!) key of the root CA certificate stored in the browser.


Chrome only cares about the hash algorithm of the intermediate certificate(s) if the end-entity cert is expiring after 2016. So a SHA-1 certificate expiring in 2015 won't be marked insecure even if it's signed by a SHA-1 intermediate expiring in 2020.

See: http://googleonlinesecurity.blogspot.co.uk/2014/09/gradually...


Which is extremely bad practice in its own right. Unless you have an offline master (which you should, by the way) there's no justification for a 5+ year expiration. Keys need to be rotated.

PS - A lot of CA software makes doing offline CAs extremely hard. I'm talking about Microsoft's stuff in particular.



