How do browsers make sure their settings page is secure?

What is there to secure it from? It's loaded directly within the browser. There is no connection outside of the local user context of the machine, meaning there is nothing to intercept / tamper with.

To modify what you see, you'd have to either modify the browser executable or memory space, or modify the underlying data used to store the settings. To read the values, you would have to be able to read either the browser memory space or underlying files. All of these are end-game. If a malicious actor can do that, they have full control and there is no way to protect from it.


This page is not loaded over https

It's not loaded over anything. The browser is just displaying it within a browser frame because that frame already has the ability to display web forms so the same code is used to display this form, even though it doesn't come from the web.


As other answers have said, the page is secure because it is loaded from the browser, not transmitted or accessible by anyone else.

But why does Chrome bother marking such an obviously secure page as secure? To mitigate any phishing attempts. It would be trivial to make a fake 'settings' page and serve it to you to trick you into taking actions. (It seems unlikely to me someone would actually fall for opening a fake settings page, but users' gullibility always amazes me.)

This flag is just one more attempt at trying to make users more aware to avoid silly mistakes, since they are by far the weakest link in the security chain.