Note the last part of the message:
remove their references.
Security groups can allow traffic based on source IP address, or by allowing traffic originated by instances that are members of a security group, referencing the group id, sg-xxxxxxxx, instead of an IP address range.
For each security group you want to delete, you will need to remove any rules that reference them, inside other security groups.
The simplest approach, since you appear to have circular dependencies, would be to go into each group you already plan to delete, and simply delete all the rules and save the changes.
You don't have to delete all the rules, just the rules that reference groups you plan to delete... but since you're about to delete these groups, clicking the "x" on each row down the page is probably just as quick.
If there are no other references, you will immediately then be able to delete the groups.
If any of the groups were also referenced by rules inside groups you will not be deleting, you will need to go to those groups also, and delete only any rules that reference the groups that still can't be deleted.
Since security groups are limited to (typically) only 50 rules per group, you should be able to scroll through them and do this fairly quickly, and be done in just a few short minutes.
Note, this may seem like a point of frustration, but it is a sensible restriction to have in place: it would be a very bad thing if security groups could be deleted while outstanding references exist, and it would be unnecessarily inflexible if security groups were not allowed to have circular references under normal operations.